CVE-2026-7554

LOW EPSS 61.5%
Published May 1, 20261mo ago · Modified Jun 17, 20261w ago
2.9 CVSS 4.0
Low
Find Similar
Published May 1, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.

CVSS Details

Base Score
2.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
61.5% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-640

Affected Products 2

VendorProductVersionRange
dlinkm60_firmware1.20b02any
dlinkm60*any

References 5

  • vuldb.com https://vuldb.com/submit/805642
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/vuln/360362
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/vuln/360362/cti
    Permissions RequiredVDB Entry
  • dlink.com https://www.dlink.com/
    Product
  • yuque.com https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1
    ExploitMitigationThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.