VYPR
← All advisories
Low severity2.4NVD Advisory· Published Jan 30, 2026· Updated Apr 29, 2026

CVE-2026-1705

CVE-2026-1705

Description

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2026-1705 is a low-severity stored XSS vulnerability in the D-Link DSL-6641K router's web interface, with a public exploit available.

Vulnerability

Details CVE-2026-1705 describes a cross-site scripting (XSS) vulnerability in the D-Link DSL-6641K router, specifically within the ad_virtual_server_vdsl function of its web interface. The vulnerability arises from improper neutralization of user input when the Name argument is manipulated. This allows an attacker to inject arbitrary client-side scripts into the affected page [1].

Exploitation

An attacker can exploit this issue remotely, without needing prior authentication, by sending a crafted request to the router's web interface. The exploit is publicly available and has been demonstrated, increasing the risk of active attacks in the wild [1].

Impact

Successful exploitation could allow an attacker to execute arbitrary JavaScript in the context of an administrator's browser session. This may result in session hijacking, defacement of the web management interface, or theft of sensitive configuration data.

Mitigation

D-Link has not released a patch as the affected firmware version is end-of-life. The vendor's advisory page [1] provides general support. Users are strongly advised to isolate or replace this device to mitigate the risk.

References
  1. Landing

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.