The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dnr 326
HWDlinkwszystkie wersjeD Link Dnr 326 Firmware
OSD-Link≤ 1.40b03
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References
Related vulnerabilities
CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam produkt
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)
CVE-2014-7857CRITICAL9.8ten sam produkt
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01,...
CVE-2014-7859CRITICAL9.8ten sam produkt
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322...
CVE-2024-3273HIGH7.3⚠ KEVten sam produkt
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320...
CVE-2026-5211HIGH7.4ten sam produkt
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, ...