CVE-2025-14659

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DIR-860LB1 version 203b01 D-Link DIR-868LB1 version 203b01 D-Link DIR-860LB1 version 203b03 D-Link DIR-868LB1 version 203b03

Description A flaw exists in the DHCP Daemon component of the routers. Manipulation of the

Hostname

argument can lead to command injection, allowing for remote attacks. The exploit for this issue is publicly available.

Recommendations For D-Link DIR-860LB1 version 203b01, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For D-Link DIR-868LB1 version 203b01, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For D-Link DIR-860LB1 version 203b03, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For D-Link DIR-868LB1 version 203b03, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2025-14659

Affected Products

Dir-860Lb1

Dir-868Lb1

CVE-2025-14659

Weakness Enumeration

Related Identifiers

Affected Products

References · 14