CVE-2026-7554
Weak Password Recovery in D-Link M60 Firmware
Publication date: 2026-05-01
Last updated on: 2026-05-06
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | m60_firmware | 1.20b02 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the D-Link M60 device up to version 1.20B02. It involves an unknown functionality within the file /usr/bin/httpd that leads to weak password recovery mechanisms. The vulnerability can be exploited remotely, but requires a high degree of complexity to carry out the attack. Although exploitation is difficult, the exploit has been publicly disclosed and could potentially be used by attackers.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to remotely manipulate the password recovery process, potentially leading to unauthorized access due to weak password recovery. This could compromise the security of the affected device, allowing attackers to gain access or control, which may lead to further exploitation or data breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.