OR
     *cpe:2.3:h:d-link:dns-320l:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:d-link:dnr-326:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:d-link:dns-320b:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:dlink:dns-320b:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:d-link:dns-345:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:d-link:dns-325:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:d-link:dns-322l:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:dlink:dns-322l:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:d-link:dns-327l:-:*:*:*:*:*:*:*

OR
     *cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*

http://www.securityfocus.com/archive/1/535626/100/200/threaded [No Types Assigned]

http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded [Third Party Advisory, VDB Entry]

AND
     OR
          *cpe:2.3:o:d-link:dnr-326_firmware:1.40b03:*:*:*:*:*:*:* (and previous)
     OR
          cpe:2.3:h:d-link:dnr-326:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:d-link:dns-320b_firmware:1.02b01:*:*:*:*:*:*:* (and previous)
     OR
          cpe:2.3:h:d-link:dns-320b:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:d-link:dns-320l_firmware:1.03b04:*:*:*:*:*:*:* (and previous)
     OR
          cpe:2.3:h:d-link:dns-320l:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:d-link:dns-322l_firmware:2.00b07:*:*:*:*:*:*:* (and previous)
     OR
          cpe:2.3:h:d-link:dns-322l:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:d-link:dns-325_firmware:1.05b03:*:*:*:*:*:*:* (and previous)
     OR
          cpe:2.3:h:d-link:dns-325:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:d-link:dns-327l_firmware:1.02:*:*:*:*:*:*:* (and previous)
     OR
          cpe:2.3:h:d-link:dns-327l:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:d-link:dns-345_firmware:1.03b06:*:*:*:*:*:*:* (and previous)
     OR
          cpe:2.3:h:d-link:dns-345:-:*:*:*:*:*:*:*

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287

http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html No Types Assigned

http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html Third Party Advisory, VDB Entry

http://seclists.org/fulldisclosure/2015/May/125 No Types Assigned

http://seclists.org/fulldisclosure/2015/May/125 Mailing List, Third Party Advisory, VDB Entry

http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf No Types Assigned

http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf Technical Description

http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded No Types Assigned

http://www.securityfocus.com/archive/1/archive/1/535626/100/200/threaded Third Party Advisory, VDB Entry

http://www.securityfocus.com/bid/74880 No Types Assigned

http://www.securityfocus.com/bid/74880 Third Party Advisory, VDB Entry

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allows remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.

D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.