CVE-2026-7554

EUVD-2026-26480
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.6 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
dlinkm60_firmware
1.20b02:b02
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://vuldb.com/submit/805642
https://vuldb.com/vuln/360362
https://vuldb.com/vuln/360362/cti
https://www.dlink.com/
https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1