Busybox: Security Vulnerabilities
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
CVSS Score
6.8
EPSS Score
0.007
Published
2012-07-03
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
CVSS Score
5.5
EPSS Score
0.0
Published
2006-04-04
Page 5