PT-2022-1649 · D Link · D-Link Dsl-2730B

G-Rubert · Published 2022-02-17 · Updated 2022-04-05 · CVE-2021-46108

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DSL-2730E CT-20131125

Description

The issue allows for cross-site scripting (XSS) attacks via the username parameter to the password page in the maintenance configuration. This is due to a lack of protection measures for the web page structure, which can be exploited by a remote attacker to conduct an XSS attack.

Recommendations

For D-Link DSL-2730E CT-20131125 devices, as a temporary workaround, consider restricting access to the password page in the maintenance configuration to minimize the risk of exploitation. Avoid using the username parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS


Weakness Enumeration

Related Identifiers

BDU:2022-00898
CVE-2021-46108

Affected Products

D-Link Dsl-2730B