← Back
2026-04-26 7:15CVE-2026-7026VulDB
PUBLISHED5.2CWE-79CWE-94

D-Link DGS-3420 System Information Settings cross site scripting

A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Problem type

Affected products

D-Link

DGS-3420

1.50.018 - AFFECTED

References

VDB-359606 | D-Link DGS-3420 System Information Settings cross site scripting

https://vuldb.com/vuln/359606

vdb-entrytechnical-description
VDB-359606 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359606/cti

signaturepermissions-required
Submit #797877 | D-Link DGS-3420-28TC 1.50.018 Cross Site Scripting

https://vuldb.com/submit/797877

third-party-advisory
dlink.com

https://www.dlink.com/

product

GitHub Security Advisories

GHSA-36wq-hmr3-cfc5

A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown...

https://github.com/advisories/GHSA-36wq-hmr3-cfc5

A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7026

vuldb.com

https://vuldb.com/submit/797877

vuldb.com

https://vuldb.com/vuln/359606

vuldb.com

https://vuldb.com/vuln/359606/cti

dlink.com

https://www.dlink.com

github.com

https://github.com/advisories/GHSA-36wq-hmr3-cfc5

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7026
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7026",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-04-26T07:15:12.717Z",
    "dateReserved": "2026-04-25T14:13:55.932Z",
    "datePublished": "2026-04-26T07:15:12.717Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-04-26T07:15:12.717Z"
      },
      "title": "D-Link DGS-3420 System Information Settings cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "affected": [
        {
          "vendor": "D-Link",
          "product": "DGS-3420",
          "modules": [
            "System Information Settings Page"
          ],
          "versions": [
            {
              "version": "1.50.018",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/359606",
          "name": "VDB-359606 | D-Link DGS-3420 System Information Settings cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/359606/cti",
          "name": "VDB-359606 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/797877",
          "name": "Submit #797877 | D-Link DGS-3420-28TC 1.50.018 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://www.dlink.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:C/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 6.1
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-04-25T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-04-25T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-04-25T16:19:10.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Fergod (VulDB User)",
          "type": "reporter"
        },
        {
          "lang": "en",
          "value": "VulDB Vulnerability Moderation Team",
          "type": "coordinator"
        }
      ]
    }
  }
}