| Title | D-Link DIR-860LB1 v203b03 Command Injection |
|---|---|
| Description | A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR-860LB1_v203b03. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges. |
| Source | https://tzh00203.notion.site/D-Link-DIR-860LB1-v203b03-Command-Injection-in-DHCPd-2c6b5c52018a807eab1ae73dbd95eee3?source=copy_link |
| User | tian (UID 93438) |
| Submission | 12/12/2025 04:11 (4 months ago) |
| Moderation | 12/13/2025 14:20 (1 day later) |
| Status | Accepted |
| VulDB entry | 336391 [D-Link DIR-860LB1/DIR-868LB1 203b01/203b03 DHCP Daemon Hostname command injection] |
| Points | 17 |