D-Link M60 <1.20B02 Weak Password Recovery via /usr/bin/httpd Remote
CVE-2026-7554 Published on May 1, 2026

D-Link M60 httpd password recovery
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.

NVD

Timeline

2026-04-30

Advisory disclosed

2026-04-30

VulDB entry created

2026-04-30

VulDB entry last update

Weakness Type

Weak Password Recovery Mechanism for Forgotten Password

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Affected Versions

D-Link M60 Version 1.20B02 is affected by CVE-2026-7554

D-Link M60 <1.20B02 Weak Password Recovery via /usr/bin/httpd RemoteCVE-2026-7554 Published on May 1, 2026

Timeline

Weakness Type

Weak Password Recovery Mechanism for Forgotten Password

Affected Versions

D-Link M60 <1.20B02 Weak Password Recovery via /usr/bin/httpd Remote
CVE-2026-7554 Published on May 1, 2026