CVE-2025-14659
Remote Command Injection in D-Link DIR-860LB1 DHCP Daemon
Publication date: 2025-12-14
Last updated on: 2026-03-08
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-868l_b1_firmware | to 203b01 (inc) |
| dlink | dir-860l_b1_firmware | to 203b03 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a command injection flaw in the DHCP daemon service of D-Link DIR-860LB1 and DIR-868LB1 routers (firmware versions 203b01 and 203b03). It occurs because the DHCP hostname parameter is improperly handled and directly concatenated into system commands without proper sanitization. An attacker can exploit this by sending a maliciously crafted hostname during DHCP lease renewal, causing arbitrary commands to be executed with root-level privileges on the device remotely. [1, 2, 3]
How can this vulnerability impact me?
Exploitation of this vulnerability allows an attacker to gain full control over the affected router remotely. This means the attacker can execute arbitrary commands with root privileges, compromising the confidentiality, integrity, and availability of the device. Such control could lead to network disruption, interception or manipulation of network traffic, and potentially using the router as a foothold for further attacks within the network. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring DHCP lease renewal requests for suspicious or malformed hostname parameters that may contain command injection payloads. Since the vulnerability involves the DHCP daemon processing the hostname argument, inspecting DHCP traffic for unusual hostnames or unexpected command characters may help. However, no specific detection commands or tools are provided in the available resources. [1, 3]
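The hostname inspection described above can be sketched as follows. This is an added example, not taken from the advisory or its references: it parses the options of a DHCP payload and flags option 12 (hostname) values that fall outside a strict letters, digits, hyphen and dot allowlist. The function names, the allowlist and the sample packets are assumptions constructed for illustration.

```python
import re
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255
# Assumed allowlist: dot-separated labels of letters, digits and inner hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
SAFE_HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def dhcp_options(payload: bytes):
    """Yield (code, value) for each option in a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return                        # not a DHCP message
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            return
        if code == OPT_PAD:           # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return                    # truncated: length byte missing
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            return                    # truncated: value cut short
        yield code, value
        i += 2 + length

def suspicious_hostname(payload: bytes):
    """Return the option 12 hostname if it fails the allowlist, else None."""
    for code, value in dhcp_options(payload):
        if code == OPT_HOSTNAME:
            name = value.decode("latin-1")   # lossless byte-to-char mapping
            return None if SAFE_HOSTNAME.fullmatch(name) else name
    return None

def build_sample(hostname: bytes) -> bytes:
    """Constructed DHCPREQUEST payload for the demo (not captured traffic)."""
    fixed = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(232)   # 236-byte fixed header
    opts = bytes([53, 1, 3, OPT_HOSTNAME, len(hostname)]) + hostname + bytes([OPT_END])
    return fixed + MAGIC_COOKIE + opts

if __name__ == "__main__":
    for h in (b"laptop-01", b"bad;name", b"a$(x)"):   # constructed hostnames
        print(h, "->", suspicious_hostname(build_sample(h)))
```

Compare the result with `is not None`, since an empty hostname is also flagged. The allowlist is stricter than what some clients send (underscores, for example), so expect to tune it against normal traffic on the monitored network.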
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected D-Link DIR-860LB1 and DIR-868LB1 devices running firmware versions 203b01 or 203b03 with alternative products, as no known countermeasures or patches are currently available. Avoid exposing the DHCP service to untrusted networks and monitor for suspicious DHCP traffic to reduce risk. [2]