TL;DR: Rogue DHCP server uses classless static route option 121 to route VPN-client traffic outside the tunnel without dropping the tunnel (CVE-2024-3661).

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

• https://www.leviathansecurity.com/blog/tunnelvision