EIP-2026-101655

PRE-CVE

D-Link Routers - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101655. PoCs published by Kyle Lovett.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in D-Link routers, including cleartext password storage, XSS, and sensitive information disclosure. It provides functional curl commands to retrieve admin passwords and exploit XSS via crafted POST requests.

Description

D-Link Routers - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kyle Lovett · textwebappshardware
https://www.exploit-db.com/exploits/33520

The exploit demonstrates multiple vulnerabilities in D-Link routers, including cleartext password storage, XSS, and sensitive information disclosure. It provides functional curl commands to retrieve admin passwords and exploit XSS via crafted POST requests.

Classification
Working Poc 95%
Attack Type
Info Leak | Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: D-Link DIR-652, DIR-835, DIR-855L, DGL-5500, DHP-1565 (FW 1.02b18/1.12b02 or older)
No auth needed
Prerequisites: Network access to the target router · curl or similar HTTP client
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026