CVE-1999-0875

Multiple DHCP Clients - Route Modification via IRDP

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0875. PoCs published by L0pth.

AI-analyzed exploit summary This is a technical writeup discussing the ICMP Router Discovery Protocol (IRDP) vulnerability (CVE-1999-0875), which allows an attacker to spoof IRDP Router Advertisements to manipulate default route entries on vulnerable systems. The writeup includes details on affected systems, conditions for exploitation, and a description of Proof-of-Concept code usage.

Description

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Exploits (1)

exploitdb WRITEUP VERIFIED
by L0pth · textremotemultiple
https://www.exploit-db.com/exploits/19451

This is a technical writeup discussing the ICMP Router Discovery Protocol (IRDP) vulnerability (CVE-1999-0875), which allows an attacker to spoof IRDP Router Advertisements to manipulate default route entries on vulnerable systems. The writeup includes details on affected systems, conditions for exploitation, and a description of Proof-of-Concept code usage.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows95 (w/winsock2), Windows95b, Windows98, Windows98se, Windows2000, SunOS/Solaris2.6
No auth needed
Prerequisites: Network access to send spoofed IRDP packets · Victim system with IRDP enabled and vulnerable conditions met
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/578
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ216141

Scores

EPSS 0.1757
EPSS Percentile 96.8%

Details

CWE
CWE-16
Status published
Products (6)
microsoft/windows_2000
microsoft/windows_95 0a
microsoft/windows_95 0b
microsoft/windows_98se
sun/solaris 2.6
sun/sunos
Published Aug 11, 1999
Tracked Since Feb 18, 2026