CVE-2026-11834

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

EUVD-2026-38339

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVE-2025-70102

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, the code performs a member access on a NULL pointer of type 'struct dhcpopt' when an unexpected/invalid option token or parsing state caus...

CVE-2026-45160 ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1 of ESP-IDF contain buffer overflow vulnerabilities. These vulnerabilities stem from an out-of-bounds read issue in the DHCP server option...

CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

CLSA-2026-1776960429 busybox: Fix of 4 CVEs

CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...

busybox: Fix of 4 CVEs

CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...

CVE-2025-59960

CVE-2025-59960 affects Juniper Networks Junos OS and Junos OS Evolved. The vulnerability arises in the DHCP service (jdhcpd) where the default DHCP relay behavior allows Option 82 information from a client in one subnet to reach the DHCP server unmodified, enabling a DHCP client to exhaust addres...

CVE-2020-7461

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient8 fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle ...

CLSA-2025-1764322970 NetworkManager: Fix of CVE-2024-3661

CVE-2024-3661: fix TunnelVision vulnerability by preventing DHCP option 121 route manipulation that could bypass VPN encryption and leak traffic...

CVE-2025-12200

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

CVE-2025-12200

...

PT-2025-43758

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.73rc6 Description A flaw exists in dnsmasq related to the parse dhcp opt function within the Config File Handler component, specifically in the file src/option.c. Manipulation of the argument m can lead to a null...

EUVD-2018-0997

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-7912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getoption function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship...

CVE-2025-21591

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service DoS...

CVE-2025-30644 Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator FPC of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and...

CVE-2025-30644 Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator FPC of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and...