CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

CVE-2026-29004

A flaw was found in BusyBox. A heap buffer overflow vulnerability exists in the Dynamic Host Configuration Protocol version 6 DHCPv6 client, specifically within the optiontoenv function. Network-adjacent attackers can exploit this by sending a crafted DHCPv6 response containing a malformed...

EUVD-2026-31948

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniperplugin/fastnetmonjuniper.php, the $IPATTACK variable received from argv1 is directly interpolated into Juniper NETCONF set-configuration commands at...

EUVD-2026-30202

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability i...

CVE-2026-34960

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

SUSE CVE-2026-29004

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

CVE-2026-42511

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

CVE-2026-7424

CVE-2026-7424 describes an integer underflow in the DHCPv6 sub-option parser of FreeRTOS-Plus-TCP. The issue affects FreeRTOS-Plus-TCP versions before V4.4.1 and before V4.2.6, and is triggered when DHCPv6 is enabled. An adjacent network actor can exploit the underflow by sending a crafted DHCPv6...

CVE-2026-7067 D-Link DIR-822 udhcpd DHCP Service dhcpd.c system command injection

A vulnerability was determined in D-Link DIR-822 A101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been...

CVE-2026-21919

Summary: CVE-2026-21919 describes an Incorrect Synchronization vulnerability in Juniper mgd (management daemon) on Junos OS and Junos OS Evolved. When NETCONF sessions are rapidly opened and closed, a locking issue can cause mgd processes to hang in a lockf state, eventually hitting the maximum p...

[SECURITY] Fedora 42 Update: kea-3.0.3-1.fc42

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

PT-2026-22777

Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb Web Version 2.1.53, OS 20231011 Description A command injection issue exists in the DHCP activation feature. Successful exploitation allows attackers to execute arbitrary commands with root privileges. The vulnerabl...

PT-2026-6722

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 Description A weakness exists in D-Link DIR-605L and DIR-619L routers. The issue is related to an unknown function...

PT-2026-3285

Name of the Vulnerable Software and Affected Versions DHCP Broadband version 4.1.0.1503 Description The software contains an unquoted service path vulnerability in its service configuration. This allows local attackers to execute code with elevated privileges. The vulnerable path is located at...

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved code-related issues and vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of the American company Juniper Networks. Juniper Networks Junos OS is a network operating system specifically designed for the company’s hardware devices. This operating system provides secure programming interface...

CVE-2025-15229 Tenda CH22 DhcpListClient fromDhcpListClient denial of service

A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclos...

CVE-2023-53908

CVE-2023-53908 affects Belden HiSecOS 04.0.01. A privilege-escalation flaw allows authenticated users to modify their access role via crafted XML in NETCONF payloads sent to the /mops_data endpoint, elevating to administrative level. Affected component: XML-based NETCONF configuration handling; r...

PT-2025-51946

Name of the Vulnerable Software and Affected Versions HiSecOS version 04.0.01 Description The software contains a flaw that allows authenticated users to change their access level. This is possible through specially crafted XML payloads sent to the /mops data API endpoint using NETCONF...

OESA-2025-2843 dhcp security update

The Dynamic Host Configuration Protocol DHCP is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks. Security Fixes: Unde...

Siemens SIMATIC S7-1500 Authentication Bypass by Spoofing (CVE-2020-13529)

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. Th...