CVE-2025-60854 | D-Link R15 up to 1.20.01 Password Change model name command injection

A vulnerability has been found in D-Link R15 up to 1.20.01 and classified as critical. The impacted element is an unknown function of the component Password Change Handler. This manipulation of the argument model name causes command injection.

The identification of this vulnerability is CVE-2025-60854. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More