CVE-2020-26133

HIGH

Dual DHCP DNS Server 7.40 - Privilege Escalation via Executable Replacement

Title source: llm

Description

An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary.

References (3)

Core 3

Core References

Various Sources

https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26133.md

View Writeup ZIP pw:eip

Third Party Advisory

https://github.com/an0ry/advisories

Product

https://sourceforge.net/projects/dhcp-dns-server/

Scores

CVSS v3 7.8

EPSS 0.0033

EPSS Percentile 24.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

dual_dhcp_dns_server_project/dual_dhcp_dns_server 7.40

Published Oct 28, 2020

Tracked Since Feb 18, 2026