A vulnerability was found in D-Link DNS-320, DNS- 320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_ado. The manipulation off the argument name leads to os command injection.
Dork FOFA: app="D_Link-DNS-ShareCenter"