Cross Site Scripting Vulnerability in D-Link DSL-2740R Wireless Setup Section
CVE-2026-7027

4.8MEDIUM

Key Information:

Vendor: D-link
Status: Dsl-2740r
Vendor: CVE Published:; 26 April 2026

What is CVE-2026-7027?

A cross site scripting vulnerability exists in the Wireless Setup Section of the D-Link DSL-2740R EU_01.15 router. This issue allows an attacker to manipulate the Wireless Network Name (SSID), leading to potential execution of malicious scripts in a user's browser. The exploit can be executed remotely, making it a serious concern for users managing their network settings. Given that the exploit code is publicly available, it is crucial for users to implement necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

DSL-2740R EU_01.15

References

https://vuldb.com/vuln/359607

vdb-entrytechnical-description

https://vuldb.com/vuln/359607/cti

signaturepermissions-required

https://vuldb.com/submit/797896

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2026
Vulnerability Reserved
Apr 25, 2026

Credit

Havook (VulDB User)

VulDB Vulnerability Moderation Team

CVE-2026-7027 Data

JSON

D-link

What is CVE-2026-7027?

Affected Version(s)

References

CVSS V4

Timeline

Credit