CVE-2025-14659

D-Link DIR-860LB1/DIR-868LB1 DHCP command injection

CVSS 8.7 HIGHEPSS 3.4%CWE-74 CWE-77

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 3.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Produtos afetados

D-Link · DIR-860LB1 D-Link · DIR-868LB1

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tzh00203.notion.site/D-Link-DIR-860LB1-v203b03-Command-Injection-in-DHCPd-2c6b5c52018a807eab1ae73dbd95eee3?source=copy_link https://tzh00203.notion.site/D-Link-DIR-868LB1-v203b01-Command-Injection-in-DHCPd-2c8b5c52018a805296c3dea51a7a4070?source=copy_link https://vuldb.com/?ctiid.336391 https://vuldb.com/?id.336391 https://vuldb.com/?submit.713701 https://vuldb.com/?submit.714709 https://www.dlink.com/