Cross Site Scripting Vulnerability in Datacom DM4100 Ethernet Configuration
CVE-2026-7001

4.8MEDIUM

Key Information:

Vendor

Datacom

Status
Dm4100
Vendor
CVE Published:
25 April 2026

What is CVE-2026-7001?

A cross site scripting (XSS) vulnerability exists in the Ethernet Configuration Page of Datacom DM4100 version 1.3.6.1.4.1.3709. By manipulating the 'Name' argument, an attacker can exploit this vulnerability remotely, leading to potential data leakage or malicious script execution within the user's browser. The exploit is publicly available, raising significant security concerns. Despite early notification, the vendor has not responded to address the issue.

Affected Version(s)

DM4100 1.3.6.1.4.1.3709

References

https://vuldb.com/vuln/359560
vdb-entrytechnical-description
https://vuldb.com/vuln/359560/cti
signaturepermissions-required
https://vuldb.com/submit/797368
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)
VulDB CNA Team
.