Description
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
References (5)
Core 5
Core References
Signature, Permissions Required signature
permissions-required
VDB-360362 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/360362/cti
Third Party Advisory third-party-advisory
Submit #805642 | https://www.dlink.com/ M60 AX6000 Wi-Fi 6 Smart Mesh Router Firmware: V1.20B02 Translation Authentication Bypass + Encrypted Integrity Check By
https://vuldb.com/submit/805642
Exploit exploit
https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1
Product product
https://www.dlink.com/
Scores
CVSS v3
5.6
EPSS
0.0110
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-640
Status
published
Products (2)
D-Link/M60
1.20B02
dlink/m60_firmware
1.20b02
Published
May 01, 2026
Tracked Since
May 01, 2026