D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

访问控制不恰当

D-Link多款产品 访问控制错误漏洞

D-Link DNS-120等都是中国友讯（D-Link）公司的产品。D-Link DNS-120是一个网络存储适配器。D-Link DNR-202L是一个网络视频摄像机。D-Link DNS-315L是一个网络附加存储器。 D-Link多款产品存在访问控制错误漏洞，该漏洞源于对文件/cgi-bin/dsk_mgr.cgi中多个函数的操作导致访问控制不当。以下产品及版本受到影响：DNS-120 20260205及之前版本、DNR-202L 20260205及之前版本、DNS-315L 20260205及之

N/A

N/A