Home

Description

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-02-01 | Published 2026-02-02 | Updated 2026-02-03 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 2.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
LOW: 2.4CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3.3AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Cross Site Scripting

Code Injection

Product status

N8.TR069.20131126
affected

Timeline

2026-02-01:Advisory disclosed
2026-02-01:VulDB entry created
2026-02-01:VulDB entry last update

Credits

tian (VulDB User) reporter

References

tzh00203.notion.site/...0d083aaf19efbaa9130?source=copy_link exploit

vuldb.com/?id.343675 (VDB-343675 | D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting) vdb-entry technical-description

vuldb.com/?ctiid.343675 (VDB-343675 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.742439 (Submit #742439 | D-Link DSL6641K version N8.TR069.20131126 Cross Site Scripting) third-party-advisory

tzh00203.notion.site/...0d083aaf19efbaa9130?source=copy_link exploit

www.dlink.com/ product

cve.org (CVE-2026-1744)

nvd.nist.gov (CVE-2026-1744)

Download JSON