| Title | D-Link DIR822A_101 A_101 Buffer Overflow |
|---|---|
| Description | An unauthenticated command injection vulnerability exists in the `udhcpd` DHCP service used by D-Link DIR-822 A1 firmware. While processing a `DHCPREQUEST` packet, the server reads the client-supplied hostname from DHCP Option 12 and concatenates it into a shell command that is executed via `system()` without sanitization. As a result, an attacker on the local network can send a crafted DHCP packet containing shell metacharacters in the hostname field and trigger arbitrary command execution on the router. |
| Source | ⚠️ https://tzh00203.notion.site/D-Link-DIR-822-A1-Command-Injection-in-udhcpd-via-DHCP-Hostname-337b5c52018a80d9b638d0fa59969e6b |
| User | tian (UID 93438) |
| Submission | 2026-04-07 01:03 PM (20 days ago) |
| Moderation | 2026-04-26 09:27 AM (19 days later) |
| Status | Accepted |
| VulDB entry | 359642 [D-Link DIR-822 A_101 udhcpd DHCP Service /udhcpcd/dhcpd.c system hostname privilege escalation] |
| Points | 17 |