CVE-2026-8272: D-Link DNS-320 webfile_mgr.cgi chown os command injection
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2026-8272?
CVE-2026-8272 is classified as a critical security vulnerability due to the potential for OS command injection.
How does CVE-2026-8272 exploit work?
CVE-2026-8272 exploits a flaw in the webfile_mgr.cgi functionality of the D-Link DNS-320 that allows attackers to inject OS commands.
Which versions of D-Link DNS-320 are affected by CVE-2026-8272?
CVE-2026-8272 affects D-Link DNS-320 version 2.06B01.
How do I fix CVE-2026-8272?
To fix CVE-2026-8272, update the D-Link DNS-320 firmware to the latest version provided by D-Link.
What are the potential impacts of CVE-2026-8272?
The potential impacts of CVE-2026-8272 include unauthorized access and control over the device through OS command execution.