Submit #805642: https://www.dlink.com/ M60 AX6000 Wi-Fi 6 Smart Mesh Router Firmware: V1.20B02 Translation Authentication Bypass + Encrypted Integrity Check Byinfo

Titlehttps://www.dlink.com/ M60 AX6000 Wi-Fi 6 Smart Mesh Router Firmware: V1.20B02 Translation Authentication Bypass + Encrypted Integrity Check By
DescriptionThe administrator password can be modified without the original admin password, solely through remote HTTP requests, and login verification with the new password can be successfully completed. This vulnerability does not rely on capturing passwords from the firmware environment or reading local secrets.
Source⚠️ https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1
User
 iam0range (UID 97381)
Submission04/15/2026 11:46 (3 months ago)
Moderation04/30/2026 21:08 (15 days later)
StatusAccepted
VulDB entry360362 [D-Link M60 up to 1.20B02 /usr/bin/httpd password recovery]
Points17

Do you want to use VulDB in your project?

Use the official API to access entries easily!