Description
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Published: 2026-01-30
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting (XSS)
Action: Assess Impact
AI Analysis

Impact

The vulnerability appears in the ad_virtual_server_vdsl function of the web interface on D-Link DSL‑6641K routers. By manipulating the Name parameter, an attacker can inject arbitrary script into the browser of any user who accesses the page. This remote cross‑site scripting can lead to session hijacking, defacement, or the execution of malicious code, exploiting weaknesses identified as CWE‑79 and CWE‑94.

Affected Systems

Affected systems are D-Link DSL‑6641K routers running firmware version N8.TR069.20131126. No other product versions are specified, so only this build is known to be vulnerable.

Risk and Exploitability

The CVSS base score is 4.8 (Medium), and the EPSS score is less than 1%, suggesting a low probability of exploitation. The vulnerability is triggerable entirely from the web interface, meaning it can be exploited remotely by sending crafted HTTP requests to the ad_virtual_server_vdsl endpoint. The CVSS 4.0 vector recorded for this CVE (PR:H, UI:P) indicates that the attacker needs high privileges on the web interface and that a user must interact for the script to run. The exploit is publicly available and may be used by attackers with minimal technical skill. The vulnerability is not listed in the KEV catalog.

Generated by OpenCVE AI on April 18, 2026 at 01:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any firmware update that D-Link releases for the DSL-6641K to address the ad_virtual_server_vdsl XSS; none is currently provided.
  • Restrict or disable remote management of the web interface; allow access only from trusted local networks.
  • Implement input validation or a web application firewall to block malicious payloads in the Name parameter and enforce content‑security policies.



Advisories

No advisories yet.

History

Tue, 03 Feb 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | D-link; D-link dsl-6641k
Vendors & Products | | D-link; D-link dsl-6641k

Mon, 02 Feb 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 30 Jan 2026 21:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Title | | D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting
Weaknesses | | CWE-79; CWE-94
References | |
Metrics | | cvssV2_0: {'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:11:22.430Z

Reserved: 2026-01-30T15:48:31.407Z

Link: CVE-2026-1705

Vulnrichment

Updated: 2026-02-02T17:41:19.435Z

NVD

Status: Deferred

Published: 2026-01-30T22:15:55.950

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1705

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:15:05Z
