Vulnerability Details : CVE-2011-2716
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
Vulnerability category: Input validation
Products affected by CVE-2011-2716
- cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre9:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre8:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre5:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre4:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre3:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre10:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre2:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre7:*:*:*:*:*:*
- cpe:2.3:a:busybox:busybox:1.0.0:pre6:*:*:*:*:*:*
- cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*
Threat overview for CVE-2011-2716
Top countries where our scanners detected CVE-2011-2716
Top open port discovered on systems with this issue
80
IPs affected by CVE-2011-2716 882,914
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-2716!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-2716
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2716
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:A/AC:H/Au:N/C:C/I:C/A:C |
3.2
|
10.0
|
NIST |
CWE ids for CVE-2011-2716
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2716
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:129
mandriva.com
-
https://bugs.busybox.net/show_bug.cgi?id=3979
3979 – udhcpc should filter out malicious hostnames passed in option 0x0cPatch
-
https://support.t-mobile.com/docs/DOC-21994
Wi-Fi CellSpot Router setup & help | T-Mobile Support
-
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials ≈ Packet Storm
-
http://seclists.org/fulldisclosure/2020/Aug/20
Full Disclosure: SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S
-
http://rhn.redhat.com/errata/RHSA-2012-0810.html
RHSA-2012:0810 - Security Advisory - Red Hat Customer Portal
-
http://downloads.avaya.com/css/P8/documents/100158840
ASA-2012-117 (RHSA-2012-0308)
-
http://www.busybox.net/news.html
BusyBox
-
https://seclists.org/bugtraq/2019/Jun/14
Bugtraq: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
-
http://www.securityfocus.com/bid/48879
BusyBox 'udhcpc' Shell Characters in Response Remote Code Execution Vulnerability
-
http://seclists.org/fulldisclosure/2019/Jun/18
Full Disclosure: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
Jump to