CVE-2025-69542

Name of the Vulnerable Software and Affected Versions D-Link DIR895LA1 version 102b07

Description A Command Injection issue has been identified in the DHCP daemon service. The issue resides in the lease renewal process where the DHCP hostname parameter is incorporated into a system command without sufficient validation. By sending a DHCP lease renewal request with a crafted hostname, an attacker can execute arbitrary commands with root privileges.

Recommendations Update to a newer version of D-Link DIR895LA1 that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.