CVE-2011-2716

busybox: udhcpc insufficient checking of DHCP options

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

El cliente DHCP (udhcpc) en BusyBox anterior a v1.20.0 permite a servidores DHCP remotos ejecutar comandos arbitrarios mediante una shell de metacaracteres en el (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, y (4) las opciones de nombre de host TFTP_SERVER_NAME

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Adjacent

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-07-11 CVE Reserved
2012-02-21 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (14)

URL	Tag	Source
http://downloads.avaya.com/css/P8/documents/100158840	X_refsource_confirm
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html	X_refsource_misc
http://seclists.org/fulldisclosure/2019/Jun/18	Mailing List
http://seclists.org/fulldisclosure/2020/Aug/20	Mailing List
http://www.busybox.net/news.html	X_refsource_confirm
http://www.securityfocus.com/bid/48879	Vdb Entry
https://seclists.org/bugtraq/2019/Jun/14	Mailing List
https://support.t-mobile.com/docs/DOC-21994	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
https://bugs.busybox.net/show_bug.cgi?id=3979	2020-08-27

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2012-0810.html	2020-08-27
http://secunia.com/advisories/45363	2020-08-27
http://www.mandriva.com/security/advisories?name=MDVSA-2012:129	2020-08-27
https://access.redhat.com/security/cve/CVE-2011-2716	2012-06-19
https://bugzilla.redhat.com/show_bug.cgi?id=725364	2012-06-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
T-mobile Search vendor "T-mobile"		Tm-ac1900 Search vendor "T-mobile" for product "Tm-ac1900"				3.0.0.4.376_3169 Search vendor "T-mobile" for product "Tm-ac1900" and version "3.0.0.4.376_3169"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				<= 1.19.4 Search vendor "Busybox" for product "Busybox" and version " <= 1.19.4"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				0.60.5 Search vendor "Busybox" for product "Busybox" and version "0.60.5"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.00 Search vendor "Busybox" for product "Busybox" and version "1.00"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre1		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre10		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre2		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre3		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre4		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre5		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre6		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre7		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre8		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		pre9		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		rc1		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		rc2		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.0.0 Search vendor "Busybox" for product "Busybox" and version "1.0.0"		rc3		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.01 Search vendor "Busybox" for product "Busybox" and version "1.01"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.1.0 Search vendor "Busybox" for product "Busybox" and version "1.1.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.1.0 Search vendor "Busybox" for product "Busybox" and version "1.1.0"		pre1		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.1.1 Search vendor "Busybox" for product "Busybox" and version "1.1.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.1.2 Search vendor "Busybox" for product "Busybox" and version "1.1.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.1.3 Search vendor "Busybox" for product "Busybox" and version "1.1.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.2.0 Search vendor "Busybox" for product "Busybox" and version "1.2.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.2.1 Search vendor "Busybox" for product "Busybox" and version "1.2.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.2.2 Search vendor "Busybox" for product "Busybox" and version "1.2.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.2.2.1 Search vendor "Busybox" for product "Busybox" and version "1.2.2.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.3.0 Search vendor "Busybox" for product "Busybox" and version "1.3.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.3.1 Search vendor "Busybox" for product "Busybox" and version "1.3.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.3.2 Search vendor "Busybox" for product "Busybox" and version "1.3.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.4.0 Search vendor "Busybox" for product "Busybox" and version "1.4.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.4.1 Search vendor "Busybox" for product "Busybox" and version "1.4.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.4.2 Search vendor "Busybox" for product "Busybox" and version "1.4.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.5.0 Search vendor "Busybox" for product "Busybox" and version "1.5.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.5.1 Search vendor "Busybox" for product "Busybox" and version "1.5.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.6.0 Search vendor "Busybox" for product "Busybox" and version "1.6.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.6.1 Search vendor "Busybox" for product "Busybox" and version "1.6.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.7.0 Search vendor "Busybox" for product "Busybox" and version "1.7.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.7.1 Search vendor "Busybox" for product "Busybox" and version "1.7.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.7.2 Search vendor "Busybox" for product "Busybox" and version "1.7.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.7.3 Search vendor "Busybox" for product "Busybox" and version "1.7.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.8.0 Search vendor "Busybox" for product "Busybox" and version "1.8.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.8.1 Search vendor "Busybox" for product "Busybox" and version "1.8.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.8.2 Search vendor "Busybox" for product "Busybox" and version "1.8.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.9.0 Search vendor "Busybox" for product "Busybox" and version "1.9.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.9.1 Search vendor "Busybox" for product "Busybox" and version "1.9.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.9.2 Search vendor "Busybox" for product "Busybox" and version "1.9.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.10.0 Search vendor "Busybox" for product "Busybox" and version "1.10.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.10.1 Search vendor "Busybox" for product "Busybox" and version "1.10.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.10.2 Search vendor "Busybox" for product "Busybox" and version "1.10.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.10.3 Search vendor "Busybox" for product "Busybox" and version "1.10.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.10.4 Search vendor "Busybox" for product "Busybox" and version "1.10.4"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.11.0 Search vendor "Busybox" for product "Busybox" and version "1.11.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.11.1 Search vendor "Busybox" for product "Busybox" and version "1.11.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.11.2 Search vendor "Busybox" for product "Busybox" and version "1.11.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.11.3 Search vendor "Busybox" for product "Busybox" and version "1.11.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.12.0 Search vendor "Busybox" for product "Busybox" and version "1.12.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.12.1 Search vendor "Busybox" for product "Busybox" and version "1.12.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.12.2 Search vendor "Busybox" for product "Busybox" and version "1.12.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.12.3 Search vendor "Busybox" for product "Busybox" and version "1.12.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.12.4 Search vendor "Busybox" for product "Busybox" and version "1.12.4"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.13.0 Search vendor "Busybox" for product "Busybox" and version "1.13.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.13.1 Search vendor "Busybox" for product "Busybox" and version "1.13.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.13.2 Search vendor "Busybox" for product "Busybox" and version "1.13.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.13.3 Search vendor "Busybox" for product "Busybox" and version "1.13.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.13.4 Search vendor "Busybox" for product "Busybox" and version "1.13.4"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.14.0 Search vendor "Busybox" for product "Busybox" and version "1.14.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.14.1 Search vendor "Busybox" for product "Busybox" and version "1.14.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.14.2 Search vendor "Busybox" for product "Busybox" and version "1.14.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.14.3 Search vendor "Busybox" for product "Busybox" and version "1.14.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.14.4 Search vendor "Busybox" for product "Busybox" and version "1.14.4"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.15.0 Search vendor "Busybox" for product "Busybox" and version "1.15.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.15.1 Search vendor "Busybox" for product "Busybox" and version "1.15.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.15.2 Search vendor "Busybox" for product "Busybox" and version "1.15.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.15.3 Search vendor "Busybox" for product "Busybox" and version "1.15.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.16.0 Search vendor "Busybox" for product "Busybox" and version "1.16.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.16.1 Search vendor "Busybox" for product "Busybox" and version "1.16.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.16.2 Search vendor "Busybox" for product "Busybox" and version "1.16.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.17.0 Search vendor "Busybox" for product "Busybox" and version "1.17.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.17.1 Search vendor "Busybox" for product "Busybox" and version "1.17.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.17.2 Search vendor "Busybox" for product "Busybox" and version "1.17.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.17.3 Search vendor "Busybox" for product "Busybox" and version "1.17.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.17.4 Search vendor "Busybox" for product "Busybox" and version "1.17.4"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.18.0 Search vendor "Busybox" for product "Busybox" and version "1.18.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.18.1 Search vendor "Busybox" for product "Busybox" and version "1.18.1"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.18.2 Search vendor "Busybox" for product "Busybox" and version "1.18.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.18.3 Search vendor "Busybox" for product "Busybox" and version "1.18.3"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.18.4 Search vendor "Busybox" for product "Busybox" and version "1.18.4"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.18.5 Search vendor "Busybox" for product "Busybox" and version "1.18.5"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.19.0 Search vendor "Busybox" for product "Busybox" and version "1.19.0"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.19.2 Search vendor "Busybox" for product "Busybox" and version "1.19.2"		-		Affected
Busybox Search vendor "Busybox"		Busybox Search vendor "Busybox" for product "Busybox"				1.19.3 Search vendor "Busybox" for product "Busybox" and version "1.19.3"		-		Affected