CVE-2025-69542

Description

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:dlink:dir-895la1_firmware:102b07:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:dlink:dir-895la1:-:*:*:*:*:*:*:* - NOT VULNERABLE

D-Link DIR895LA1 v102b07

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

待提供PoC代码

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-69542
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-69542
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-69542/
[4] VulDB https://vuldb.com/cve/CVE-2025-69542
[5] https://tzh00203.notion.site/D-Link-DIR895LA1-v102b07-Command-Injection-in-DHCPd-2d4b5c52018a80a1a5ccfb317b308861?source=copy_link

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-69542", "sourceIdentifier": "[email protected]", "published": "2026-01-09T17:15:54.140", "lastModified": "2026-02-10T19:48:29.113", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de inyección de comandos en el servicio de demonio DHCP de D-Link DIR895LA1 v102b07. La vulnerabilidad existe en la lógica de procesamiento de renovación de arrendamiento, donde el parámetro de nombre de host DHCP se concatena directamente en un comando del sistema sin una sanitización adecuada. Cuando un cliente DHCP renueva un arrendamiento existente con un nombre de host malicioso, se pueden ejecutar comandos arbitrarios con privilegios de root."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dlink:dir-895la1_firmware:102b07:*:*:*:*:*:*:*", "matchCriteriaId": "B34FB368-3E57-4040-B469-0378035BD7C9"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:dlink:dir-895la1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F296EF6A-FE37-4A4B-BF40-A4B835D95873"}]}]}], "references": [{"url": "https://tzh00203.notion.site/D-Link-DIR895LA1-v102b07-Command-Injection-in-DHCPd-2d4b5c52018a80a1a5ccfb317b308861?source=copy_link", "source": "[email protected]", "tags": ["Third Party Advisory", "Exploit"]}]}}