VYPR
Unrated severityNVD Advisory· Published Jan 9, 2026· Updated Jan 12, 2026

CVE-2025-69542

CVE-2025-69542

Description

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.

Affected products

2
  • Dlink/DIR895LA1cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = v102b07

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.