Platform
dlink
Component
d-link-dsl-6641k-web-interface
Fixed version
8.0.1
CVE-2026-1705 describes a cross-site scripting (XSS) vulnerability affecting the D-Link DSL-6641K Web Interface. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerability impacts devices running firmware version N8.TR069.20131126. A fix is expected from D-Link.
Successful exploitation of CVE-2026-1705 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the affected D-Link DSL-6641K device. This can lead to a variety of malicious actions, including stealing user credentials (usernames, passwords), redirecting users to phishing sites, or injecting malware. The attacker could potentially gain control of the device's configuration or use it as a launchpad for further attacks within the network. Given the device's role as a router, a successful attack could compromise the security of all devices connected to it.
The vulnerability is publicly disclosed and a proof-of-concept exploit is available, indicating a higher risk of exploitation. The CVSS score is LOW (2.4), suggesting the attack requires specific conditions or user interaction. It is not currently listed on CISA KEV. Active exploitation campaigns are not yet confirmed, but the public availability of the exploit increases the likelihood of future attacks.
Small and medium-sized businesses (SMBs) and home users who rely on D-Link DSL-6641K routers are at risk. Specifically, those who have not updated their firmware and are using the vulnerable N8.TR069.20131126 version are particularly vulnerable. Shared hosting environments utilizing D-Link DSL-6641K routers for network connectivity are also at increased risk.
• dlink: Examine web server access logs for unusual requests targeting the advirtualserver_vdsl endpoint with suspicious parameters in the 'Name' field.
grep 'ad_virtual_server_vdsl' /var/log/httpd/access_log | grep -i 'Name=' | grep -v 'localhost'
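The grep above only surfaces requests that mention the endpoint and the 'Name' field; it does not decode the parameter or say why a line is suspicious. The following script is an added example, not part of the original advisory or D-Link's tooling: it parses combined-format access log lines, URL-decodes the 'Name' parameter of requests to the ad_virtual_server_vdsl endpoint, and flags values containing HTML-significant characters or inline script markers. The endpoint path, the log layout and the sample lines are constructed for the example; adjust the path and log location to match the device's actual logs.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the advisory's grep command (path prefix is an assumption).
ENDPOINT = "/ad_virtual_server_vdsl"

# Apache/httpd combined log format: client IP, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters and tokens that have no place in a virtual-server name but are
# needed to inject markup or script into the page that echoes the name back.
SUSPICIOUS = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)

# Constructed sample log lines (not real traffic). Third and fourth lines carry
# markup in the Name parameter; the second is a legitimate rule name.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2026:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Jan/2026:10:00:05 +0000] "GET /ad_virtual_server_vdsl?Name=Office-Printer&Port=9100 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.12 - - [01/Jan/2026:10:00:09 +0000] "GET /ad_virtual_server_vdsl?Name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1024 "-" "curl/8.0"
192.0.2.13 - - [01/Jan/2026:10:00:12 +0000] "GET /ad_virtual_server_vdsl?Name=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def extract_name(target: str):
    """Return the decoded 'Name' parameter of a request to ENDPOINT, else None."""
    parts = urlsplit(target)
    if not parts.path.startswith(ENDPOINT):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("Name")
    return values[0] if values else None


def scan_log(text: str):
    """Yield one finding per request whose decoded Name looks like markup."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line; skip rather than crash
        name = extract_name(m.group("target"))
        if name is None:
            continue
        hit = SUSPICIOUS.search(name)
        if hit:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("time"),
                "name": name,
                "reason": "matched %r" % hit.group(0),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print("%(time)s %(ip)s Name=%(name)r (%(reason)s)" % f)
```

Decoding before matching matters: the grep in the advisory would still catch these lines, but a percent-encoded payload contains none of the literal characters a naive filter looks for, so a rule that only inspects the raw request line is easy to slip past.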
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1705 is to upgrade the D-Link DSL-6641K firmware to a version containing the security patch. Until an official patch is available, implement temporary mitigations such as configuring a Web Application Firewall (WAF) to filter out malicious input and implementing strict input validation on the 'Name' parameter within the advirtualserver_vdsl function. Regularly review and update WAF rules to adapt to evolving attack techniques. Monitor device logs for suspicious activity, particularly attempts to manipulate the 'Name' parameter.
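The paragraph above recommends strict input validation on the 'Name' parameter as an interim control. The code below is an added example of what that looks like on the server side, written in Python for illustration; it is not D-Link's firmware code, and the handler name, the allowed character set and the 32-character limit are assumptions. It applies two independent layers: an allowlist check that rejects anything that is not a plausible rule name, and HTML escaping whenever the name is echoed back into a page, so that even a value which somehow bypasses the first check cannot become markup.

```python
import html
import re

# Layer 1: allowlist. Letters, digits, space, dot, underscore and hyphen,
# 1 to 32 characters. Length cap and character set are assumptions for the
# example; the real interface's rules are not stated in the advisory.
NAME_PATTERN = re.compile(r'^[A-Za-z0-9 ._-]{1,32}$')


def validate_name(name: str) -> bool:
    """True only if the name matches the allowlist exactly."""
    return isinstance(name, str) and NAME_PATTERN.fullmatch(name) is not None


# Layer 2: output encoding. Applied unconditionally so a name is never
# interpreted as HTML, whatever the validation layer did.
def render_name(name: str) -> str:
    """HTML fragment that echoes the rule name back on the rules page."""
    return '<td class="vs-name">%s</td>' % html.escape(name, quote=True)


def handle_add_rule(params: dict) -> dict:
    """Hypothetical handler for the virtual-server form (assumed signature).

    Returns a small response dict instead of writing to a socket so the
    behaviour can be checked offline.
    """
    name = params.get("Name", "")
    if not validate_name(name):
        # Reject before the value touches configuration or any page.
        return {"status": 400, "body": "invalid virtual server name"}
    return {"status": 200, "body": render_name(name)}


if __name__ == "__main__":
    # Constructed inputs: one legitimate name, one containing markup.
    for value in ("Office-Printer", "<b>x</b>"):
        print(value, "->", handle_add_rule({"Name": value}))
```

On a device where the firmware cannot be changed yet, the same allowlist can be expressed as a WAF rule on the 'Name' parameter; the escaping layer, however, can only live in the code that generates the page, which is why an upstream fix remains the real remedy.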
Update the D-Link DSL-6641K firmware to a version later than N8.TR069.20131126 to fix the XSS vulnerability in the web interface. Refer to the manufacturer's website for the latest firmware and update procedure.
CVE-2026-1705 is a cross-site scripting (XSS) vulnerability in the D-Link DSL-6641K Web Interface, allowing attackers to inject malicious scripts. It affects firmware version N8.TR069.20131126.
You are affected if your D-Link DSL-6641K router is running firmware version N8.TR069.20131126 and has not been updated.
Upgrade your D-Link DSL-6641K firmware to the latest available version. As a temporary measure, configure a WAF or implement input validation.
While active exploitation campaigns are not confirmed, a public proof-of-concept exploit is available, increasing the risk of exploitation.
Refer to the D-Link security advisory page for updates and official information regarding CVE-2026-1705.