CVE-2025-69542
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.
Affected (1)
Products: Dlink: Dir 895la1 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 102b07 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 895la1 | All versions |
References (1)
Source: cve@mitre.org
ExploitThird Party Advisory
Timeline
No history available yet.