Remote Code Execution Vulnerability in BusyBox DHCP Client

Remote Code Execution Vulnerability in BusyBox DHCP Client

CVE-2011-2716 · MEDIUM Severity

AV:A/AC:H/AU:N/C:C/I:C/A:C

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

Learn more about our Cis Benchmark Audit For Server Software.