CVE-2026-5312: Improper Access Controls in D-Link DNS-120
CVE-2026-5312 is a medium severity vulnerability affecting multiple D-Link NAS devices, including the DNS-120 and related models. The flaw resides in improper access controls within several functions of the /cgi-bin/dsk_mgr.cgi file, allowing remote attackers to manipulate device operations without authentication or user interaction. Exploitation can lead to unauthorized access to device management functions related to disk and RAID management. The vulnerability has a CVSS 4.0 base score of 6.9, indicating moderate risk. Although no known exploits are currently active in the wild, a public exploit is available, increasing the risk of future attacks. The affected devices are commonly used for network-attached storage in small to medium businesses and home environments. Organizations using these D-Link NAS devices should prioritize patching or applying mitigations to prevent unauthorized remote control of critical storage functions.
AI Analysis
Technical Summary
CVE-2026-5312 identifies a security weakness in a broad range of D-Link NAS devices, including DNS-120, DNS-320 series, DNS-323, DNS-325, DNS-326, DNS-327L, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 running firmware up to version 20260205. The vulnerability is due to improper access controls in multiple functions within the /cgi-bin/dsk_mgr.cgi CGI script, which handles disk management operations such as restarting services, retrieving disk status, scanning disks, volume mapping, RAID type queries, and rebuild information. These functions can be manipulated remotely without requiring authentication, user interaction, or privileges, enabling an attacker to perform unauthorized operations on the device. The flaw stems from insufficient validation of access rights before executing sensitive disk management commands. The vulnerability has a CVSS 4.0 score of 6.9, reflecting a medium severity with network attack vector, low attack complexity, no privileges or user interaction needed, and limited impact on availability but potential impact on integrity due to unauthorized control over storage functions. Although no active exploitation has been reported, a public exploit is available, increasing the likelihood of exploitation attempts. This vulnerability could allow attackers to disrupt storage services, manipulate RAID configurations, or gain further foothold within affected networks. The affected devices are widely deployed in small and medium business environments and home networks, often serving as critical storage infrastructure. The lack of authentication requirement and remote exploitability make this vulnerability particularly concerning for exposed devices.
Potential Impact
The improper access control vulnerability in D-Link NAS devices can lead to unauthorized remote manipulation of critical disk and RAID management functions. This can result in disruption of storage services, data integrity compromise through unauthorized RAID reconfiguration or disk scans, and potential data loss or corruption. Attackers could leverage this access to further penetrate internal networks or disrupt business operations relying on these NAS devices. Organizations using these devices without proper network segmentation or access controls are at risk of service outages and data breaches. The availability of a public exploit increases the risk of widespread attacks, especially against devices exposed to the internet or poorly secured internal networks. The impact is particularly significant for small and medium enterprises and home users who rely on these devices for essential data storage and backup. The vulnerability does not require authentication or user interaction, making it easier to exploit and increasing the potential attack surface. However, the impact is limited to the affected NAS devices and does not directly compromise broader network infrastructure unless leveraged as a pivot point.
Mitigation Recommendations
1. Immediately restrict access to the management interface (/cgi-bin/dsk_mgr.cgi) by implementing network-level controls such as firewall rules or VPN-only access to prevent unauthorized remote connections.
2. Disable remote management features if not required, or restrict them to trusted IP addresses.
3. Monitor network traffic and device logs for unusual access patterns or repeated attempts to invoke disk management functions.
4. Apply any available firmware updates or patches from D-Link as soon as they are released addressing this vulnerability.
5. If patches are not yet available, consider isolating affected devices on segmented network zones with strict access controls to minimize exposure.
6. Educate users and administrators about the risks of exposing NAS management interfaces directly to the internet.
7. Regularly back up critical data stored on these devices to mitigate potential data loss from exploitation.
8. Employ intrusion detection/prevention systems to detect exploitation attempts targeting the vulnerable CGI endpoints.
9. Conduct periodic security assessments of NAS devices and their configurations to ensure compliance with best practices.
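One way to implement the monitoring in recommendations 3 and 8, as an added example that is not part of the original advisory or any D-Link tooling: it flags requests for /cgi-bin/dsk_mgr.cgi that come from outside a management allowlist, normalising percent-encoding and dot segments so path variants still match. The log format (combined log lines from a proxy or gateway in front of the NAS), the trusted subnet and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

WATCHED_PATH = "/cgi-bin/dsk_mgr.cgi"  # endpoint named in the advisory
# Assumption: subnets allowed to reach the NAS management interface.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
# Assumption: combined-log-format lines from a proxy or gateway in front of the NAS.
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalise(target):
    """Drop the query, decode percent-escapes, collapse dot segments, case-fold."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_untrusted_access(lines):
    """Return (hits, per-source counts) for watched-path requests from untrusted sources."""
    hits, counts = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalise(m["target"]) != WATCHED_PATH:
            continue
        if is_trusted(m["src"]):
            continue
        hits.append((m["ts"], m["src"], m["method"], int(m["status"])))
        counts[m["src"]] += 1
    return hits, counts

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Apr/2026:10:00:01 +0000] "GET /cgi-bin/dsk_mgr.cgi HTTP/1.1" 200 512',
    '203.0.113.40 - - [01/Apr/2026:10:02:13 +0000] "POST /cgi-bin/dsk_mgr.cgi HTTP/1.1" 200 96',
    '203.0.113.40 - - [01/Apr/2026:10:02:15 +0000] "POST /cgi-bin/%64sk_mgr.cgi HTTP/1.1" 200 96',
    '198.51.100.7 - - [01/Apr/2026:10:05:44 +0000] "GET /cgi-bin/./dsk_mgr.cgi?x=1 HTTP/1.1" 200 130',
    '198.51.100.7 - - [01/Apr/2026:10:06:02 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    hits, counts = find_untrusted_access(SAMPLE_LOG)
    for ts, src, method, status in hits:
        print(f"ALERT {ts} {src} {method} {WATCHED_PATH} -> {status}")
    print("requests per untrusted source:", dict(counts))
```

A 200 response to an untrusted source means the network-level restriction in recommendation 1 is not in effect for that path.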
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, Brazil, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-04-01T12:13:37.400Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69cd85bee6bfc5ba1df9d451
Added to database: 4/1/2026, 8:53:18 PM
Last enriched: 4/1/2026, 9:08:47 PM
Last updated: 4/1/2026, 9:56:33 PM