{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T06:40:49.814","vulnerabilities":[{"cve":{"id":"CVE-2025-69542","sourceIdentifier":"cve@mitre.org","published":"2026-01-09T17:15:54.140","lastModified":"2026-02-10T19:48:29.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges."},{"lang":"es","value":"Se ha descubierto una vulnerabilidad de inyección de comandos en el servicio de demonio DHCP de D-Link DIR895LA1 v102b07. La vulnerabilidad existe en la lógica de procesamiento de renovación de arrendamiento, donde el parámetro de nombre de host DHCP se concatena directamente en un comando del sistema sin una sanitización adecuada. Cuando un cliente DHCP renueva un arrendamiento existente con un nombre de host malicioso, se pueden ejecutar comandos arbitrarios con privilegios de root."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-895la1_firmware:102b07:*:*:*:*:*:*:*","matchCriteriaId":"B34FB368-3E57-4040-B469-0378035BD7C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-895la1:-:*:*:*:*:*:*:*","matchCriteriaId":"F296EF6A-FE37-4A4B-BF40-A4B835D95873"}]}]}],"references":[{"url":"https://tzh00203.notion.site/D-Link-DIR895LA1-v102b07-Command-Injection-in-DHCPd-2d4b5c52018a80a1a5ccfb317b308861?source=copy_link","source":"cve@mitre.org","tags":["Third Party Advisory","Exploit"]}]}}]}