Description

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.

INFO

Published Date :

2026-01-09T00:00:00.000Z

Last Modified :

2026-01-12T16:24:30.945Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69542 vulnerability.

Vendors Products
Dlink
  • Dir-895la1
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69542.

URL Resource
https://tzh00203.notion.site/D-Link-DIR895LA1-v102b07-Command-Injection-in-DHCPd-2d4b5c52018a80a1a5ccfb317b308861?source=copy_link cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System