CVE-2018-10713
published 2018-05-03CVE-2018-10713: An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi'…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dsl-3782_firmware | — | — |
| gnu | patch | >= 0 < 2.7.1-4ubuntu2.4 | 2.7.1-4ubuntu2.4 |
| gnu | patch | >= 0 < 2.7.5-1ubuntu0.16.04.1 | 2.7.5-1ubuntu0.16.04.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv5.5MEDIUM