EIP-2026-101885

PRE-CVE

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101885. PoCs published by cakes.

AI-analyzed exploit summary This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in the Netis ADSL Router DL4322D RTK 2.1.1. The vulnerability arises from improper input validation in the Dynamic DNS hostname field, allowing an attacker to inject malicious JavaScript code.

Description

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by cakes · textwebappshardware

https://www.exploit-db.com/exploits/45422

View Code ZIP pw:eip

This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in the Netis ADSL Router DL4322D RTK 2.1.1. The vulnerability arises from improper input validation in the Dynamic DNS hostname field, allowing an attacker to inject malicious JavaScript code.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Netis ADSL Router DL4322D RTK 2.1.1

Auth required

Prerequisites: Access to the router's web interface · Valid session cookie

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026