A vulnerability marked as critical has been reported in D-Link DNS-320 2.06B01 . This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi . This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-8273 . It is possible to initiate the attack remotely. There is no exploit available.