CVE-2021-46108
MEDIUMD-Link DSL-2730E CT-20131125 - Cross-Site Scripting via Username Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-46108. PoCs published by g-rubert.
AI-analyzed exploit summary This repository contains a writeup for CVE-2021-46108, a stored XSS vulnerability in D-Link DSL-2730E routers. The vulnerability allows XSS via the username parameter in the maintenance configuration page.
Description
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.
Exploits (1)
nomisec
WRITEUP
by g-rubert · poc
https://github.com/g-rubert/CVE-2021-46108
This repository contains a writeup for CVE-2021-46108, a stored XSS vulnerability in D-Link DSL-2730E routers. The vulnerability allows XSS via the username parameter in the maintenance configuration page.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
D-Link DSL-2730E CT-20131125
Auth required
Prerequisites:
Access to the router's maintenance configuration page · Valid credentials for authentication
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.dlink.com/en/security-bulletin/
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/g-rubert/CVE-2021-46108
Scores
CVSS v3
5.4
EPSS
0.0080
EPSS Percentile
51.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
dlink/dsl-2730e_firmware
ct-20131125
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026