6.8

CVE-2011-2716

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

Data is provided by the National Vulnerability Database (NVD)
T-mobileTm-ac1900 Version3.0.0.4.376_3169
BusyboxBusybox Version <= 1.19.4
BusyboxBusybox Version0.60.5
BusyboxBusybox Version1.00
BusyboxBusybox Version1.0.0 Updatepre1
BusyboxBusybox Version1.0.0 Updatepre10
BusyboxBusybox Version1.0.0 Updatepre2
BusyboxBusybox Version1.0.0 Updatepre3
BusyboxBusybox Version1.0.0 Updatepre4
BusyboxBusybox Version1.0.0 Updatepre5
BusyboxBusybox Version1.0.0 Updatepre6
BusyboxBusybox Version1.0.0 Updatepre7
BusyboxBusybox Version1.0.0 Updatepre8
BusyboxBusybox Version1.0.0 Updatepre9
BusyboxBusybox Version1.0.0 Updaterc1
BusyboxBusybox Version1.0.0 Updaterc2
BusyboxBusybox Version1.0.0 Updaterc3
BusyboxBusybox Version1.01
BusyboxBusybox Version1.1.0
BusyboxBusybox Version1.1.0 Updatepre1
BusyboxBusybox Version1.1.1
BusyboxBusybox Version1.1.2
BusyboxBusybox Version1.1.3
BusyboxBusybox Version1.2.0
BusyboxBusybox Version1.2.1
BusyboxBusybox Version1.2.2
BusyboxBusybox Version1.2.2.1
BusyboxBusybox Version1.3.0
BusyboxBusybox Version1.3.1
BusyboxBusybox Version1.3.2
BusyboxBusybox Version1.4.0
BusyboxBusybox Version1.4.1
BusyboxBusybox Version1.4.2
BusyboxBusybox Version1.5.0
BusyboxBusybox Version1.5.1
BusyboxBusybox Version1.6.0
BusyboxBusybox Version1.6.1
BusyboxBusybox Version1.7.0
BusyboxBusybox Version1.7.1
BusyboxBusybox Version1.7.2
BusyboxBusybox Version1.7.3
BusyboxBusybox Version1.8.0
BusyboxBusybox Version1.8.1
BusyboxBusybox Version1.8.2
BusyboxBusybox Version1.9.0
BusyboxBusybox Version1.9.1
BusyboxBusybox Version1.9.2
BusyboxBusybox Version1.10.0
BusyboxBusybox Version1.10.1
BusyboxBusybox Version1.10.2
BusyboxBusybox Version1.10.3
BusyboxBusybox Version1.10.4
BusyboxBusybox Version1.11.0
BusyboxBusybox Version1.11.1
BusyboxBusybox Version1.11.2
BusyboxBusybox Version1.11.3
BusyboxBusybox Version1.12.0
BusyboxBusybox Version1.12.1
BusyboxBusybox Version1.12.2
BusyboxBusybox Version1.12.3
BusyboxBusybox Version1.12.4
BusyboxBusybox Version1.13.0
BusyboxBusybox Version1.13.1
BusyboxBusybox Version1.13.2
BusyboxBusybox Version1.13.3
BusyboxBusybox Version1.13.4
BusyboxBusybox Version1.14.0
BusyboxBusybox Version1.14.1
BusyboxBusybox Version1.14.2
BusyboxBusybox Version1.14.3
BusyboxBusybox Version1.14.4
BusyboxBusybox Version1.15.0
BusyboxBusybox Version1.15.1
BusyboxBusybox Version1.15.2
BusyboxBusybox Version1.15.3
BusyboxBusybox Version1.16.0
BusyboxBusybox Version1.16.1
BusyboxBusybox Version1.16.2
BusyboxBusybox Version1.17.0
BusyboxBusybox Version1.17.1
BusyboxBusybox Version1.17.2
BusyboxBusybox Version1.17.3
BusyboxBusybox Version1.17.4
BusyboxBusybox Version1.18.0
BusyboxBusybox Version1.18.1
BusyboxBusybox Version1.18.2
BusyboxBusybox Version1.18.3
BusyboxBusybox Version1.18.4
BusyboxBusybox Version1.18.5
BusyboxBusybox Version1.19.0
BusyboxBusybox Version1.19.2
BusyboxBusybox Version1.19.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.71% 0.713
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 3.2 10
AV:A/AC:H/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.