Unrated severityNVD Advisory· Published Jan 9, 2026· Updated Jan 12, 2026

CVE-2025-69542

Description

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.

Affected products

D-Link/DIR895LA1description
Dlink/DIR895LA1llm-create
Range: = v102b07

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tzh00203.notion.site/D-Link-DIR895LA1-v102b07-Command-Injection-in-DHCPd-2d4b5c52018a80a1a5ccfb317b308861mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000