A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
References
| Link | Resource |
|---|---|
| https://vuldb.com/submit/805642 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/360362 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/360362/cti | Permissions Required VDB Entry |
| https://www.dlink.com/ | Product |
| https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1 | Exploit Mitigation Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
06 May 2026, 18:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://vuldb.com/submit/805642 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/360362 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/360362/cti - Permissions Required, VDB Entry | |
| References | () https://www.dlink.com/ - Product | |
| References | () https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1 - Exploit, Mitigation, Third Party Advisory | |
| CPE | cpe:2.3:o:dlink:m60_firmware:1.20b02:*:*:*:*:*:*:* cpe:2.3:h:dlink:m60:-:*:*:*:*:*:*:* |
|
| First Time |
Dlink m60
Dlink Dlink m60 Firmware |
01 May 2026, 06:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-01 06:16
Updated : 2026-05-06 18:10
NVD link : CVE-2026-7554
Mitre link : CVE-2026-7554
CVE.ORG link : CVE-2026-7554
JSON object : View
Products Affected
dlink
- m60_firmware
- m60
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password