Platform: dlink
Component: d-link-dsl-6641k-web-interface
Fixed in: 8.0.1
CVE-2026-1705 describes a cross-site scripting (XSS) vulnerability affecting the D-Link DSL-6641K Web Interface. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerability impacts devices running firmware version N8.TR069.20131126. A fix is expected from D-Link.
Successful exploitation of CVE-2026-1705 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the affected D-Link DSL-6641K device. This can lead to a variety of malicious actions, including stealing user credentials (usernames, passwords), redirecting users to phishing sites, or injecting malware. The attacker could potentially gain control of the device's configuration or use it as a launchpad for further attacks within the network. Given the device's role as a router, a successful attack could compromise the security of all devices connected to it.
The vulnerability is publicly disclosed and a proof-of-concept exploit is available, indicating a higher risk of exploitation. The CVSS score is LOW (2.4), suggesting the attack requires specific conditions or user interaction. It is not currently listed on CISA KEV. Active exploitation campaigns are not yet confirmed, but the public availability of the exploit increases the likelihood of future attacks.
EPSS: 0.04% (12% percentile)
The primary mitigation for CVE-2026-1705 is to upgrade the D-Link DSL-6641K firmware to a version containing the security patch. Until an official patch is available, implement temporary mitigations such as configuring a Web Application Firewall (WAF) to filter out malicious input and implementing strict input validation on the 'Name' parameter within the advirtualserver_vdsl function. Regularly review and update WAF rules to adapt to evolving attack techniques. Monitor device logs for suspicious activity, particularly attempts to manipulate the 'Name' parameter.
Update the firmware of the D-Link DSL-6641K to a version later than N8.TR069.20131126 to fix the XSS vulnerability in the web interface. Refer to the manufacturer's website for the latest firmware version and update instructions.
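The log monitoring and 'Name' validation described above, as an added example that is not D-Link's or this page's code. It assumes the admin interface is reached through a reverse proxy that writes combined-format access logs and that the handler name advirtualserver_vdsl appears in the request path; the log lines, the allowlist and its 32-character limit are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumptions: combined-format proxy logs; handler name appears in the URL path.
HANDLER = "advirtualserver_vdsl"
PARAM = "Name"
# Hypothetical allowlist for a rule name: letters, digits, space, dot, _ and -.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._-]{1,32}")
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

# Constructed sample lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2026:10:00:01 +0000] "GET /advirtualserver_vdsl?Name=web-server HTTP/1.1" 200 512',
    '192.0.2.77 - - [03/Feb/2026:10:04:12 +0000] "GET /advirtualserver_vdsl?Name=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512',
    '192.0.2.77 - - [03/Feb/2026:10:04:40 +0000] "GET /advirtualserver_vdsl?Name=%253Cb%253E HTTP/1.1" 200 512',
    '192.0.2.10 - - [03/Feb/2026:10:05:02 +0000] "GET /index.html?Name=%3Cb%3E HTTP/1.1" 200 128',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C is reported as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_valid_name(value):
    """True only if the whole value fits the allowlist."""
    return SAFE_NAME.fullmatch(value) is not None

def suspicious_requests(lines):
    """Return (client, timestamp, decoded value) for rejected Name values."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, when, target = m.groups()
        url = urlsplit(target)
        if HANDLER not in url.path:
            continue
        # parse_qsl decodes once; fully_decode removes any further layers.
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if key == PARAM and not is_valid_name(value):
                hits.append((client, when, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Values submitted in a POST body do not appear in access logs, so this check only sees requests that carry the parameter in the query string.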
CVE-2026-1705 is a cross-site scripting (XSS) vulnerability in the D-Link DSL-6641K Web Interface, allowing attackers to inject malicious scripts. It affects firmware version N8.TR069.20131126.
You are affected if your D-Link DSL-6641K router is running firmware version N8.TR069.20131126 and has not been updated.
Upgrade your D-Link DSL-6641K firmware to the latest available version. As a temporary measure, configure a WAF or implement input validation.
While active exploitation campaigns are not confirmed, a public proof-of-concept exploit is available, increasing the risk of exploitation.
Refer to the D-Link security advisory page for updates and official information regarding CVE-2026-1705.