Vulnerability Description
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-868L B1 Firmware | <= 203b01 |
| Dlink | Dir-868L B1 | - |
| Dlink | Dir-860L B1 Firmware | <= 203b03 |
| Dlink | Dir-860L B1 | - |
Related Weaknesses (CWE)
References
- https://tzh00203.notion.site/D-Link-DIR-860LB1-v203b03-Command-Injection-in-DHCPExploitMitigationThird Party Advisory
- https://tzh00203.notion.site/D-Link-DIR-868LB1-v203b01-Command-Injection-in-DHCPExploitMitigationThird Party Advisory
- https://vuldb.com/?ctiid.336391Permissions RequiredVDB Entry
- https://vuldb.com/?id.336391Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.713701Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.714709Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
FAQ
What is CVE-2025-14659?
CVE-2025-14659 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in comma...
How severe is CVE-2025-14659?
CVE-2025-14659 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14659?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-868L B1 Firmware, Dlink Dir-868L B1, Dlink Dir-860L B1 Firmware, Dlink Dir-860L B1.