CVE-2026-7554
MEDIUMDescription
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
Is your site exposed to CVE-2026-7554?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dlink | m60_firmware |
| dlink | m60 |
References
Frequently Asked Questions
What is CVE-2026-7554? +
How severe is CVE-2026-7554? +
What products are affected by CVE-2026-7554? +
How do I check if I'm vulnerable to CVE-2026-7554? +
Related Vulnerabilities
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already …
Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server …
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An …
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, …
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function …
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, …