Unrated severityNVD Advisory· Published Dec 14, 2025· Updated Dec 15, 2025

D-Link DIR-860LB1/DIR-868LB1 DHCP command injection

CVE-2025-14659

Description

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Affected products

Dlink/DIR-860LB1llm-create
Range: 203b01/203b03
Dlink/DIR-868Lllm-fuzzy
Range: 203b01/203b03
D-Link/DIR-860LB1v5
Range: 203b01
D-Link/DIR-868LB1v5
Range: 203b01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tzh00203.notion.site/D-Link-DIR-868LB1-v203b01-Command-Injection-in-DHCPd-2c8b5c52018a805296c3dea51a7a4070mitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitrethird-party-advisory
tzh00203.notion.site/D-Link-DIR-860LB1-v203b03-Command-Injection-in-DHCPd-2c6b5c52018a807eab1ae73dbd95eee3mitrerelated
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.dlink.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000