CVE-2026-5311
Received Received - Intake
Improper Access Control in D-Link Webdav_Access_List Allows Remote Exploit

Publication date: 2026-04-01

Last updated on: 2026-04-07

Assigner: VulDB

Description
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5311
EUVD
EUVD-2026-18023
Affected Vendors & Products
Showing 20 associated CPEs
Vendor Product Version / Range
dlink dnr-202l_firmware to 2026-02-05 (inc)
dlink dnr-326_firmware to 2026-02-05 (inc)
dlink dns-1100-4_firmware to 2026-02-05 (inc)
dlink dns-120_firmware to 2026-02-05 (inc)
dlink dns-1200-05_firmware to 2026-02-05 (inc)
dlink dns-1550-04_firmware to 2026-02-05 (inc)
dlink dns-315l_firmware to 2026-02-05 (inc)
dlink dns-320_firmware to 2026-02-05 (inc)
dlink dns-320l_firmware to 2026-02-05 (inc)
dlink dns-320lw_firmware to 2026-02-05 (inc)
dlink dns-321_firmware to 2026-02-05 (inc)
dlink dns-322l_firmware to 2026-02-05 (inc)
dlink dns-323_firmware to 2026-02-05 (inc)
dlink dns-325_firmware to 2026-02-05 (inc)
dlink dns-326_firmware to 2026-02-05 (inc)
dlink dns-327l_firmware to 2026-02-05 (inc)
dlink dns-340l_firmware to 2026-02-05 (inc)
dlink dns-343_firmware to 2026-02-05 (inc)
dlink dns-345_firmware to 2026-02-05 (inc)
dlink dns-726-4_firmware to 2026-02-05 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability allows remote attackers to access the Webdav_Access_List interface without authentication, exposing shared directory names, WebDAV URLs, and internal IP addresses.

Immediate mitigation steps should include restricting external access to the affected devices' WebDAV services, especially the /cgi-bin/file_center.cgi endpoint.

Additionally, network-level controls such as firewall rules should be applied to limit access to trusted hosts only.

Monitoring and logging access to the WebDAV interface can help detect exploitation attempts.

Finally, check for and apply any available firmware updates or patches from D-Link addressing this vulnerability.

Executive Summary

The CVE-2026-5311 vulnerability affects certain D-Link NAS devices and involves improper access control in the Webdav_Access_List function of the file_center.cgi file. An attacker can remotely manipulate the cmd argument to bypass authentication and access the Webdav_Access_List interface without any credentials.

This interface reveals WebDAV access information, including shared directory names, their WebDAV access URLs, and the device's internal IPv4 address. This exposure allows attackers to enumerate shared resources and exposed WebDAV endpoints, potentially leading to unauthorized access and further attacks.

Impact Analysis

This vulnerability can impact you by allowing remote attackers to gain unauthorized access to shared directories and WebDAV endpoints on affected D-Link NAS devices.

Attackers can enumerate shared resources and potentially exploit this information to access sensitive data or launch further attacks against the device or network.

Detection Guidance

This vulnerability can be detected by checking if the Webdav_Access_List interface of the /cgi-bin/file_center.cgi endpoint is accessible without authentication. An attacker can query this interface to enumerate shared directory names, WebDAV access URLs, and internal IPv4 addresses.

To detect this on your network or system, you can attempt to send an HTTP request to the vulnerable endpoint and observe the response.

  • Use curl or similar tools to send a request: curl -v http://<device-ip>/cgi-bin/file_center.cgi?cmd=Webdav_Access_List
  • If the response returns structured configuration data including shared directories and WebDAV URLs without requiring authentication, the device is vulnerable.
Compliance Impact

The vulnerability allows unauthorized remote access to WebDAV access information, including shared directory names, access URLs, and internal IP addresses. This improper access control can lead to unauthorized disclosure of sensitive information stored on the affected D-Link NAS devices.

Such unauthorized disclosure and potential access to sensitive data can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access and disclosure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5311. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart