The manufacturer is working on a patch to fix this bug and once they do so, it will automatically be rolled out in the next update. Users of the router will need to download the fix as soon as it is available to be safe.
Cross-site scripting (XSS) enables attackers to inject a client-side script into a targeted web page. Such scripts can rewrite the page content and access cookies, session tokens and other client information. They can be used to bypass access controls such as the same origin policy, which limits the ability of a page to execute a script that is located on another domain.This isn’t the first router vulnerability issue D-Link has had to deal with. In October, researcher Jacob Holcomb even more serious vulnerabilities that could be used to create a backdoor to access several other models of D-Link routers and cameras. Holcomb revealed that codes written for these devices are not as strong as they should.
Because of this lack of attention to detail, manufacturers often leave back doors open for attackers to introduce trojan viruses and other malware. This puts the consumer at risk and at times, the entire network which relies on a camera or router could be compromised.