Unrated severityNVD Advisory· Published Jul 3, 2012· Updated Apr 29, 2026
CVE-2011-2716
CVE-2011-2716
Description
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
Affected products
92cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*+ 90 more
- cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*range: <=1.19.4
- cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre10:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre2:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre3:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre4:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre5:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre6:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre7:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre8:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre9:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- bugs.busybox.net/show_bug.cginvdPatch
- secunia.com/advisories/45363nvdVendor Advisory
- downloads.avaya.com/css/P8/documents/100158840nvd
- packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-0810.htmlnvd
- seclists.org/fulldisclosure/2019/Jun/18nvd
- seclists.org/fulldisclosure/2020/Aug/20nvd
- www.busybox.net/news.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/48879nvd
- seclists.org/bugtraq/2019/Jun/14nvd
- support.t-mobile.com/docs/DOC-21994nvd
News mentions
0No linked articles in our index yet.