D-Link M60 CVE-2026-7554

EUVD-2026-26480, severity LOW
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
2026-05-01 VulDB
CVSS 4.0 score: 2.9

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline (7 events)

May 01, 2026 - 15:26 (vuln.today): PoC Detected. Public exploit code
May 01, 2026 - 06:30 (vuln.today): Analysis Generated
May 01, 2026 - 06:22 (NVD): Severity Changed, MEDIUM → LOW
May 01, 2026 - 06:22 (NVD): CVSS changed, 5.6 (MEDIUM) → 2.9 (LOW)
May 01, 2026 - 06:00 (euvd): EUVD ID Assigned, EUVD-2026-26480
May 01, 2026 - 06:00 (vuln.today): Analysis Generated
May 01, 2026 - 04:45 (nvd): CVE Published, LOW 2.9

Description (NVD)

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.

Analysis (AI)

Weak password recovery in D-Link M60 up to version 1.20B02 allows remote attackers to compromise device authentication through unspecified functionality in /usr/bin/httpd. The attack requires high complexity, but exploit code has been publicly disclosed. The vulnerability enables information disclosure and potential unauthorized access to device management functions; the low CVSS score of 2.9 reflects the limited confidentiality impact.
