CVE-2026-1744

Опубликовано: 02 фев. 2026

Источник: nvd

CVSS3: 2.4

CVSS3: 4.8

CVSS2: 3.3

EPSS Низкий

Описание

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-via-sp_pppoe_user-js-Configuration-2eeb5c52018a80d083aaf19efbaa9130?source=copy_link
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.343675
Permissions Required
VDB Entry
https://vuldb.com/?id.343675
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.742439
Third Party Advisory
VDB Entry
https://www.dlink.com/
Product
https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-via-sp_pppoe_user-js-Configuration-2eeb5c52018a80d083aaf19efbaa9130?source=copy_link
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dsl-6641k_firmware:n8.tr069.20131126:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dsl-6641k:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00408

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gm6w-4mw8-hx49

CVSS3: 2.4

github

5 месяцев назад

EPSS

Процентиль: 33%

0.00408

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79