{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1705", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-30T15:48:31.407Z", "datePublished": "2026-01-30T21:32:08.548Z", "dateUpdated": "2026-02-23T09:11:22.430Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:11:22.430Z"}, "title": "D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "D-Link", "product": "DSL-6641K", "versions": [{"version": "N8.TR069.20131126", "status": "affected"}], "modules": ["Web Interface"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-30T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-31T14:39:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "tian (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.343510", "name": "VDB-343510 | D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343510", "name": "VDB-343510 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.742421", "name": "Submit #742421 | D-Link DSL6641K version N8.TR069.20131126 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-via-ad_virtual_server_vdsl-Configuration-2eeb5c52018a805d97adfb23dfec39c9?source=copy_link", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T17:41:14.543892Z", "id": "CVE-2026-1705", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T17:41:22.122Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1705", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-02T17:41:14.543892Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T17:41:19.435Z"}}], "cna": {"title": "D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "tian (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "D-Link", "modules": ["Web Interface"], "product": "DSL-6641K", "versions": [{"status": "affected", "version": "N8.TR069.20131126"}]}], "timeline": [{"lang": "en", "time": "2026-01-30T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-30T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-31T14:39:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.343510", "name": "VDB-343510 | D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343510", "name": "VDB-343510 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.742421", "name": "Submit #742421 | D-Link DSL6641K version N8.TR069.20131126 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-via-ad_virtual_server_vdsl-Configuration-2eeb5c52018a805d97adfb23dfec39c9?source=copy_link", "tags": ["exploit"]}, {"url": "https://www.dlink.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:11:22.430Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1705", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:11:22.430Z", "dateReserved": "2026-01-30T15:48:31.407Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-30T21:32:08.548Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en D-Link DSL-6641K N8.TR069.20131126. Afectada por este problema es la funci\u00f3n ad_virtual_server_vdsl del componente Interfaz Web. Realizar una manipulaci\u00f3n del argumento Name resulta en cross site scripting. Es posible iniciar el ataque remotamente. El exploit es ahora p\u00fablico y puede ser usado."}], "id": "CVE-2026-1705", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-30T22:15:55.950", "references": [{"source": "cna@vuldb.com", "url": "https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-via-ad_virtual_server_vdsl-Configuration-2eeb5c52018a805d97adfb23dfec39c9?source=copy_link"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.343510"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.343510"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.742421"}, {"source": "cna@vuldb.com", "url": "https://www.dlink.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:02:10.568037+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update provided by D\u2011Link for the DSL\u20116641K that addresses the ad_virtual_server_vdsl XSS. ", "Restrict or disable remote management of the web interface; allow access only from trusted local networks. ", "Implement input validation or a web application firewall to block malicious payloads in the Name parameter and enforce content\u2011security policies."], "summary": {"action": "Assess Impact", "impact": "Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "Affected systems are D-Link DSL\u20116641K routers running firmware version N8.TR069.20131126. No other product versions are specified, so only this build is known to be vulnerable.", "description_and_impact": "The vulnerability appears in the ad_virtual_server_vdsl function of the web interface on D-Link DSL\u20116641K routers. By manipulating the Name parameter, an attacker can inject arbitrary script into the browser of any user who accesses the page. This remote cross\u2011site scripting can lead to session hijacking, defacement, or the execution of malicious code, exploiting weaknesses identified as CWE\u201179 and CWE\u201194.", "risk_and_exploitability": "The CVSS base score is 4.8, indicating low severity, and the EPSS score is less than 1\u202f%, suggesting a low probability of exploitation. The vulnerability is triggerable entirely from the web interface, meaning it can be exploited remotely by sending crafted HTTP requests to the ad_virtual_server_vdsl endpoint. The exploit is publicly available and may be used by attackers with minimal technical skill. The vulnerability is not listed in the KEV catalog."}}}}, "created": "2026-02-02T09:26:48.184765+00:00", "updated": "2026-04-18T01:15:05.977561+00:00", "vendors": ["d-link", "d-link$PRODUCT$dsl-6641k"]}