CVE-2026-1744

2.4 LOW

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in D-Link DSL-6641K routers running firmware version N8.TR069.20131126. Attackers can inject malicious scripts via the Username parameter in the PPPoE configuration interface, potentially compromising router administration sessions. Only unsupported legacy devices are affected.
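The page does not show the affected firmware code, so the following is an added example (not D-Link's code, and not from any published PoC) that models the defect class named above: an attacker-controlled PPPoE username written straight into the admin page's markup, beside the hardened form where the value is HTML-encoded for the attribute it lands in. The input name `pppoe_user`, the row template, and the payload are assumptions chosen to illustrate the attribute break-out.

```javascript
// Added example (not D-Link firmware code): the advisory only says the XSS is
// reachable through the PPPoE "Username" parameter, so this models the generic
// defect, an attacker-controlled username written into page markup as raw HTML,
// next to the hardened form, where the username is HTML-encoded first.
// The input name "pppoe_user" and the row template are assumptions.

// Encode the five characters that let a string break out of HTML text or a
// double-quoted attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Reverse of escapeHtml, used below to show the safe rendering round-trips.
function unescapeHtml(s) {
  const map = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" };
  return String(s).replace(/&(amp|lt|gt|quot|#39);/g, (m) => map[m]);
}

// Vulnerable pattern: the stored username is concatenated straight into the
// markup of the PPPoE settings page, so a username containing markup becomes
// part of the page and executes in the browser of whoever views it.
function renderPppoeRowUnsafe(username) {
  return `<tr><td>Username</td><td><input name="pppoe_user" value="${username}"></td></tr>`;
}

// Hardened pattern: the dynamic value is encoded for the attribute context it
// lands in, so it can only ever be displayed, never parsed as markup.
function renderPppoeRowSafe(username) {
  return `<tr><td>Username</td><td><input name="pppoe_user" value="${escapeHtml(username)}"></td></tr>`;
}

// Two crude checks on the rendered HTML: how many <script tags it contains,
// and what the first value="..." attribute actually holds after rendering.
function scriptTagCount(html) {
  return (html.match(/<script/gi) || []).length;
}
function extractValue(html) {
  const m = html.match(/value="([^"]*)"/);
  return m ? m[1] : null;
}

// Constructed payload in the shape an XSS PoC for this field would use:
// close the attribute, close the tag, then inject a script element.
const PAYLOAD = '"><script>alert(document.cookie)</script>';

console.log("unsafe:", renderPppoeRowUnsafe(PAYLOAD));
console.log("  value attr:", JSON.stringify(extractValue(renderPppoeRowUnsafe(PAYLOAD))),
            "script tags:", scriptTagCount(renderPppoeRowUnsafe(PAYLOAD)));
console.log("safe:  ", renderPppoeRowSafe(PAYLOAD));
console.log("  value attr decodes back to payload:",
            unescapeHtml(extractValue(renderPppoeRowSafe(PAYLOAD))) === PAYLOAD);
```

In the unsafe rendering the attribute is cut short at the attacker's first quote and the rest of the payload becomes a live `<script>` element; in the hardened rendering the whole payload survives as the attribute's text and decodes back to exactly what was stored, which is the property a fix for this class of bug has to preserve.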

💻 Affected Systems

Products:
  • D-Link DSL-6641K
Versions: N8.TR069.20131126
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with exposed web administration interface. End-of-life product with no vendor support.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker gains administrative control of the router, modifies network settings, intercepts traffic, or installs persistent malware on the device.

🟠 Likely Case: Session hijacking of the admin interface, credential theft, or defacement of router configuration pages.

🟢 If Mitigated: Limited to temporary session compromise if proper network segmentation and admin interface restrictions are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the PPPoE configuration page in the admin interface; the injected script then runs in the browser of whoever views that page. Public technical details are available, but no automated exploit tools have been confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://www.dlink.com/

Restart Required: No

Instructions:

No official patch available. Product is end-of-life. Replace with supported hardware.

🔧 Temporary Workarounds

Disable remote administration (applies to: all)
  Prevent external access to the router web interface.
  Access router admin > Security > Remote Management > Disable

Change default credentials (applies to: all)
  Use a strong, unique admin password.
  Access router admin > Management > Change Password

🧯 If You Can't Patch

  • Replace affected routers with supported models
  • Segment network to isolate vulnerable devices behind firewall

🔍 How to Verify

Check if Vulnerable:

Check the router model and firmware version in the admin interface (System > Firmware). A DSL-6641K running N8.TR069.20131126 is affected.

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

There is no firmware update that resolves this issue, so the only fix is replacement: confirm that the model and firmware version in use no longer match the affected DSL-6641K / N8.TR069.20131126.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login attempts
  • PPPoE configuration changes with script-like usernames

Network Indicators:

  • HTTP requests to sp_pppoe_user.js with script tags in parameters

SIEM Query:

http.url:*sp_pppoe_user* AND (http.param:*<script>* OR http.param:*javascript:*)

Note that a literal match on <script> misses URL-encoded payloads (for example %3Cscript%3E, or the double-encoded %253Cscript%253E); decode the parameter value before matching, or extend the query with the encoded forms.
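The SIEM query above, implemented as an added example (not from the page or any SIEM product) so the decoding caveat can be seen on real input: a small Node.js matcher run over constructed access-log lines. The combined-log format, the `sp_pppoe_user.js` path as the request target, and the `Username` query parameter are assumptions; the page itself only names the file and the parameter.

```javascript
// Added example, not from the advisory or from any SIEM product: a matcher
// for the page's query, run over constructed access-log lines. The log
// format and the request shape (GET /sp_pppoe_user.js?Username=...) are
// assumptions.

// What the page's query looks for, plus inline event handlers, which the
// literal query does not cover but a practitioner would want.
const SCRIPT_PATTERNS = [/<script/i, /javascript:/i, /on\w+\s*=/i];

// Decode percent-encoding (and '+' as space) repeatedly, because a literal
// "*<script>*" match misses %3Cscript%3E and double-encoded variants.
// Stops when a pass changes nothing, or after three passes.
function fullyDecode(s) {
  let prev = null;
  let cur = s;
  for (let i = 0; i < 3 && cur !== prev; i++) {
    prev = cur;
    try {
      cur = decodeURIComponent(cur.replace(/\+/g, " "));
    } catch (e) {
      break; // malformed escape: keep whatever decoded so far
    }
  }
  return cur;
}

// Pull method and request target out of a combined-format access log entry.
function parseRequest(line) {
  const m = line.match(/"(GET|POST|PUT)\s+(\S+)\s+HTTP\/[\d.]+"/);
  return m ? { method: m[1], target: m[2] } : null;
}

// Equivalent of:
//   http.url:*sp_pppoe_user* AND (http.param:*<script>* OR http.param:*javascript:*)
// with decoding applied first. Returns the decoded query string on a hit, else null.
function matchPppoeXss(line) {
  const req = parseRequest(line);
  if (!req || !req.target.includes("sp_pppoe_user")) return null;
  const qs = req.target.split("?")[1] || "";
  const decoded = fullyDecode(qs);
  return SCRIPT_PATTERNS.some((re) => re.test(decoded)) ? decoded : null;
}

function scanLog(lines) {
  return lines.filter((l) => matchPppoeXss(l) !== null);
}

// Constructed sample lines: benign, plain payload, URL-encoded payload,
// double-encoded payload, and a payload against an unrelated path.
const SAMPLE_LOG = [
  '192.168.1.50 - admin [12/Mar/2026:10:01:02 +0000] "GET /sp_pppoe_user.js?Username=isp_user HTTP/1.1" 200 512',
  '192.168.1.50 - admin [12/Mar/2026:10:01:09 +0000] "GET /sp_pppoe_user.js?Username=<script>alert(1)</script> HTTP/1.1" 200 512',
  '192.168.1.50 - admin [12/Mar/2026:10:01:15 +0000] "GET /sp_pppoe_user.js?Username=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
  '192.168.1.50 - admin [12/Mar/2026:10:01:21 +0000] "POST /sp_pppoe_user.js?Username=%253Cscript%253E HTTP/1.1" 200 512',
  '192.168.1.50 - admin [12/Mar/2026:10:02:00 +0000] "GET /status.js?Username=<script> HTTP/1.1" 200 128',
];

for (const line of scanLog(SAMPLE_LOG)) {
  console.log("HIT:", matchPppoeXss(line), "<-", parseRequest(line).target);
}
```

Of the five constructed lines, the literal query would flag only the second; the decoded matcher flags the second, third and fourth, and still ignores the benign username and the request to an unrelated path. The same decode-then-match step is what to add in front of the SIEM pattern if the platform supports a normalisation function.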
