CVE-2018-3963

Name of the Vulnerable Software and Affected Versions CUJO Smart Firewall (affected versions not specified)

Description A command injection issue exists in the DHCP daemon configuration. When adding a new static DHCP address, the corresponding hostname is inserted into the dhcpd.conf file without sanitization, allowing for arbitrary execution of system commands. An attacker can trigger this issue by sending a DHCP request message and setting up the corresponding static DHCP entry.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.