PT-2017-7914 · D-Link · D-Link DSL-2740E

Published 2017-10-31 · Updated 2023-04-26 · CVE-2016-10699

CVSS v3.1

6.1 Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DSL-2740E version 1.00 BG 20150720

Description

The issue allows persistent XSS attacks through the username and password fields. A remote unauthenticated user can submit logins and passwords containing script tags; because the input fields are not sanitized, these can affect an unaware logged-in administrator who checks the router logs.

Recommendations

For D-Link DSL-2740E version 1.00 BG 20150720, as a temporary workaround, consider disabling the login functionality until a patch is available, and restrict access to the router logs to minimize the risk of exploitation. Avoid using the username and password fields in the affected login form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2016-10699

Affected Products

D-Link DSL-2740E