← Back
2026-04-26 8:15CVE-2026-7027VulDB
PUBLISHED5.2CWE-79CWE-94

D-Link DSL-2740R Wireless Setup Section cross site scripting

A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.

Problem type

Affected products

D-Link

DSL-2740R

EU_01.15 - AFFECTED

References

VDB-359607 | D-Link DSL-2740R Wireless Setup Section cross site scripting

https://vuldb.com/vuln/359607

vdb-entrytechnical-description
VDB-359607 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359607/cti

signaturepermissions-required
Submit #797896 | D-Link DSL-2740R EU_01.15 Cross Site Scripting

https://vuldb.com/submit/797896

third-party-advisory
dlink.com

https://www.dlink.com/

product

GitHub Security Advisories

GHSA-x85h-2g56-9544

A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of...

https://github.com/advisories/GHSA-x85h-2g56-9544

A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7027

vuldb.com

https://vuldb.com/submit/797896

vuldb.com

https://vuldb.com/vuln/359607

vuldb.com

https://vuldb.com/vuln/359607/cti

dlink.com

https://www.dlink.com

github.com

https://github.com/advisories/GHSA-x85h-2g56-9544

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7027
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7027",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-04-26T08:15:13.767Z",
    "dateReserved": "2026-04-25T14:15:21.357Z",
    "datePublished": "2026-04-26T08:15:13.767Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-04-26T08:15:13.767Z"
      },
      "title": "D-Link DSL-2740R Wireless Setup Section cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used."
        }
      ],
      "affected": [
        {
          "vendor": "D-Link",
          "product": "DSL-2740R",
          "modules": [
            "Wireless Setup Section"
          ],
          "versions": [
            {
              "version": "EU_01.15",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/359607",
          "name": "VDB-359607 | D-Link DSL-2740R Wireless Setup Section cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/359607/cti",
          "name": "VDB-359607 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/797896",
          "name": "Submit #797896 | D-Link DSL-2740R EU_01.15 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://www.dlink.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 2.4,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 2.4,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 3.3
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-04-25T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-04-25T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-04-25T16:20:26.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Havook (VulDB User)",
          "type": "reporter"
        },
        {
          "lang": "en",
          "value": "VulDB Vulnerability Moderation Team",
          "type": "coordinator"
        }
      ]
    }
  }
}