CVE-2026-7554
LOW
2,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
5,6
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
MEDIUM
5,1
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0005
Percentile
0,1th
Updated
EPSS Score Trend (Last 2 Days)
640
Weak Password Recovery Mechanism for Forgotten Password
IncompleteCommon Consequences
Security Scopes Affected:
Access Control
Availability
Integrity
Other
Potential Impacts:
Gain Privileges Or Assume Identity
Dos: Resource Consumption (Other)
Other
Applicable Platforms
All platforms may be affected
https://vuldb.com/submit/805642
https://vuldb.com/vuln/360362
https://vuldb.com/vuln/360362/cti
https://www.dlink.com/
https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1