VYPR
Unrated severity · NVD Advisory · Published Apr 27, 2014 · Updated May 6, 2026

CVE-2011-3602

Description

Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.

Patches

92e22ca23e52

set_interface_var() doesn't check interface name and blindly does

https://github.com/reubenhwk/radvd · Vasiliy Kulikov · Oct 4, 2011 · via osv
1 file changed · +4 -0
  • device-linux.c · +4 -0 · modified
    @@ -243,6 +243,10 @@ set_interface_var(const char *iface,
     	if (snprintf(spath, sizeof(spath), var, iface) >= sizeof(spath))
     		return -1;
     
    +	/* No path traversal */
    +	if (strstr(name, "..") || strchr(name, '/'))
    +		return -1;
    +
     	if (access(spath, F_OK) != 0)
     		return -1;
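Review bot: The new check tests `name`, but the path in `spath` is built from `iface` in the `snprintf()` call just above it, so an interface name containing `..` or `/` is not rejected by these lines and still reaches `access()`. Test the value that goes into the path instead, `if (strstr(iface, "..") || strchr(iface, '/'))`, and place the check before the `snprintf()` so a rejected name is never formatted into `spath`. The comment could also say which argument is being validated, since the function takes more than one string.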
     
    
