PT-2025-51161 · D Link · Dir-860Lb1+1
Tian
·
Published
2025-12-14
·
Updated
2026-03-08
·
CVE-2025-14659
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-860LB1 version 203b01
D-Link DIR-868LB1 version 203b01
D-Link DIR-860LB1 version 203b03
D-Link DIR-868LB1 version 203b03
Description
A flaw exists in the DHCP Daemon component of the routers. Manipulation of the
Hostname argument can lead to command injection, allowing for remote attacks. The exploit for this issue is publicly available.Recommendations
For D-Link DIR-860LB1 version 203b01, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For D-Link DIR-868LB1 version 203b01, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For D-Link DIR-860LB1 version 203b03, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For D-Link DIR-868LB1 version 203b03, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dir-860Lb1
Dir-868Lb1