CVE-2026-7554: Weak Password Recovery in D-Link M60
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
AI Analysis
Technical Summary
This vulnerability in D-Link M60 firmware version 1.20B02 allows remote attackers to manipulate an unknown functionality within the /usr/bin/httpd file, resulting in weak password recovery mechanisms. The attack vector is network-based (AV:N) and requires high complexity (AC:H) with no privileges or user interaction needed. The vulnerability has low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The exploit has been publicly disclosed but is difficult to execute, and no official fix or mitigation has been documented.
Potential Impact
Successful exploitation could allow an attacker to bypass or weaken the password recovery process remotely, potentially leading to unauthorized access. However, the impact on confidentiality, integrity, and availability is rated low, and exploitation complexity is high. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, monitor vendor communications for updates. Given the high complexity and low impact, immediate urgent action may not be required, but caution is advised.
CVE-2026-7554: Weak Password Recovery in D-Link M60
Description
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
CVSS v4.0
Score 6.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in D-Link M60 firmware version 1.20B02 allows remote attackers to manipulate an unknown functionality within the /usr/bin/httpd file, resulting in weak password recovery mechanisms. The attack vector is network-based (AV:N) and requires high complexity (AC:H) with no privileges or user interaction needed. The vulnerability has low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The exploit has been publicly disclosed but is difficult to execute, and no official fix or mitigation has been documented.
Potential Impact
Successful exploitation could allow an attacker to bypass or weaken the password recovery process remotely, potentially leading to unauthorized access. However, the impact on confidentiality, integrity, and availability is rated low, and exploitation complexity is high. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, monitor vendor communications for updates. Given the high complexity and low impact, immediate urgent action may not be required, but caution is advised.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-30T19:07:48.377Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f43f5bcbff5d86106a0788
Added to database: 5/1/2026, 5:51:23 AM
Last enriched: 5/9/2026, 2:11:07 AM
Last updated: 6/15/2026, 10:31:07 AM
Views: 92
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.