CVE-2025-14659

Published: Dec 14, 2025Modified: Jun 17, 2026

7.4

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Affected (2)

Products: Dlink: Dir 868l B1 Firmware, Dir 860l B1 Firmware

2 products

Dir 868l B1 Firmware

Dir 860l B1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 868l B1 Firmware	Up to 203b01

Running on/with	Platform Versions
Dlink Dir 868l B1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 860l B1 Firmware	Up to 203b03

Running on/with	Platform Versions
Dlink Dir 860l B1	All versions

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (7)

https://tzh00203.notion.site/D-Link-DIR-860LB1-v203b03-Command-Injection-in-DHCPd-2c6b5c52018a807eab1ae73dbd95eee3?source=copy_link

Source: cna@vuldb.com

ExploitMitigationThird Party Advisory

https://tzh00203.notion.site/D-Link-DIR-868LB1-v203b01-Command-Injection-in-DHCPd-2c8b5c52018a805296c3dea51a7a4070?source=copy_link

Source: cna@vuldb.com

ExploitMitigationThird Party Advisory

https://vuldb.com/?ctiid.336391

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.336391

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.713701

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.714709

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.dlink.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.