CVE-2020-26131

HIGH

Open DHCP Server 1.75 and Open DHCP Server (LDAP Based) 0.1Beta - Privilege Escalation via Binary Replacement

Title source: llm

Description

Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary.

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://github.com/an0ry/advisories

Product

https://sourceforge.net/projects/dhcpserver/

Various Sources

https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26131.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0042

EPSS Percentile 33.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (2)

open_dhcp_server_project/open_dhcp_server 0.1 beta

open_dhcp_server_project/open_dhcp_server 1.75

Published Oct 28, 2020

Tracked Since Feb 18, 2026