CNNVD-202602-166 Information
CNNVD ID
CNNVD-202602-166
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
D-Link DSL-6641K是中国友讯(D-Link)公司的一款路由器。 D-Link DSL-6641K N8.TR069.20131126版本存在代码注入漏洞,该漏洞源于对文件sp_pppoe_user.js中函数doSubmitPPP的参数Username的错误操作,可能导致跨站脚本攻击。
Description (English)
D-Link DSL-6641K is a router for D-Link. The D-Link DSL-6641K N8.TR069.20131126 version contains a code-injecting loophole, which results from an error in Username, the parameter for the function doSubmitPP in document sp pppoe user.js, which may result in a cross-stop script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
友讯
Published
2026-02-02
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.343675 https://vuldb.com/?submit.742439 https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-via-sp_pppoe_user-js-Configuration-2eeb5c52018a80d083aaf19efbaa9130?source=copy_link https://www.dlink.com/ https://vuldb.com/?id.343675 https://access.redhat.com/security/cve/cve-2026-1744
Share on: