CVE-2025-14659
Unknown Unknown - Not Provided
Remote Command Injection in D-Link DIR-860LB1 DHCP Daemon

Publication date: 2025-12-14

Last updated on: 2026-03-08

Assigner: VulDB

Description
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-14
Last Modified
2026-03-08
Generated
2026-06-16
AI Q&A
2025-12-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14659
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dir-868l_b1_firmware to 203b01 (inc)
dlink dir-860l_b1_firmware to 203b03 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a command injection flaw in the DHCP daemon service of D-Link DIR-860LB1 and DIR-868LB1 routers (firmware versions 203b01 and 203b03). It occurs because the DHCP hostname parameter is improperly handled and directly concatenated into system commands without proper sanitization. An attacker can exploit this by sending a maliciously crafted hostname during DHCP lease renewal, causing arbitrary commands to be executed with root-level privileges on the device remotely. [1, 2, 3]

Impact Analysis

Exploitation of this vulnerability allows an attacker to gain full control over the affected router remotely. This means the attacker can execute arbitrary commands with root privileges, compromising the confidentiality, integrity, and availability of the device. Such control could lead to network disruption, interception or manipulation of network traffic, and potentially using the router as a foothold for further attacks within the network. [1, 2, 3]

Detection Guidance

Detection can focus on monitoring DHCP lease renewal requests for suspicious or malformed hostname parameters that may contain command injection payloads. Since the vulnerability involves the DHCP daemon processing the hostname argument, inspecting DHCP traffic for unusual hostnames or unexpected command characters may help. However, no specific detection commands or tools are provided in the available resources. [1, 3]

Mitigation Strategies

Immediate mitigation steps include replacing the affected D-Link DIR-860LB1 and DIR-868LB1 devices running firmware versions 203b01 or 203b03 with alternative products, as no known countermeasures or patches are currently available. Avoid exposing the DHCP service to untrusted networks and monitor for suspicious DHCP traffic to reduce risk. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14659. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart