{"api_version":"1","generated_at":"2026-04-26T12:14:38+00:00","cve":"CVE-2026-7026","urls":{"html":"https://cve.report/CVE-2026-7026","api":"https://cve.report/api/cve/CVE-2026-7026.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-7026","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-7026"},"summary":{"title":"D-Link DGS-3420 System Information Settings cross site scripting","description":"A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-04-26 08:16:01","updated_at":"2026-04-26 08:16:01"},"problem_types":["CWE-79","CWE-94","CWE-79 Cross Site Scripting","CWE-94 Code Injection"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"5.4","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"6.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P","data":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Primary","score":"4.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"4.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R","data":{"baseScore":4.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"4.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R","data":{"baseScore":4.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"6.1","severity":"","vector":"AV:N/AC:L/Au:M/C:N/I:C/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:C/A:N","baseScore":6.1,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"NONE"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"6.1","severity":"","vector":"AV:N/AC:L/Au:M/C:N/I:C/A:N/E:POC/RL:ND/RC:UR","data":{"baseScore":6.1,"vectorString":"AV:N/AC:L/Au:M/C:N/I:C/A:N/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://vuldb.com/vuln/359606","name":"https://vuldb.com/vuln/359606","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.dlink.com/","name":"https://www.dlink.com/","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/797877","name":"https://vuldb.com/submit/797877","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/359606/cti","name":"https://vuldb.com/vuln/359606/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-7026","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7026","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"D-Link","product":"DGS-3420","version":"affected 1.50.018","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-04-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-04-25T16:19:10.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Fergod (VulDB User)","lang":"en"},{"source":"CNA","value":"VulDB Vulnerability Moderation Team","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"modules":["System Information Settings Page"],"product":"DGS-3420","vendor":"D-Link","versions":[{"status":"affected","version":"1.50.018"}]}],"credits":[{"lang":"en","type":"reporter","value":"Fergod (VulDB User)"},{"lang":"en","type":"coordinator","value":"VulDB Vulnerability Moderation Team"}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized."}],"metrics":[{"cvssV4_0":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":4.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":4.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":6.1,"vectorString":"AV:N/AC:L/Au:M/C:N/I:C/A:N/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"Cross Site Scripting","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-94","description":"Code Injection","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-26T07:15:12.717Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-359606 | D-Link DGS-3420 System Information Settings cross site scripting","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/359606"},{"name":"VDB-359606 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/359606/cti"},{"name":"Submit #797877 | D-Link DGS-3420-28TC 1.50.018 Cross Site Scripting","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/797877"},{"tags":["product"],"url":"https://www.dlink.com/"}],"timeline":[{"lang":"en","time":"2026-04-25T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-04-25T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-04-25T16:19:10.000Z","value":"VulDB entry last update"}],"title":"D-Link DGS-3420 System Information Settings cross site scripting"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-7026","datePublished":"2026-04-26T07:15:12.717Z","dateReserved":"2026-04-25T14:13:55.932Z","dateUpdated":"2026-04-26T07:15:12.717Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-26 08:16:01","lastModifiedDate":"2026-04-26 08:16:01","problem_types":["CWE-79","CWE-94","CWE-79 Cross Site Scripting","CWE-94 Code Injection"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:C/A:N","baseScore":6.1,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"7026","Ordinal":"1","Title":"D-Link DGS-3420 System Information Settings cross site scripting","CVE":"CVE-2026-7026","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"7026","Ordinal":"1","NoteData":"A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.","Type":"Description","Title":"D-Link DGS-3420 System Information Settings cross site scripting"}]}}}