CVE-2018-10713 — Improper Restriction of Operations within the Bounds of a Memory Buffer in D-link Dsl-3782 Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 33.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dsl-3782 Firmware

Timeline

PublishedMay 3

Latest updateMay 14

Description

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read ' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDd-link/dsl-3782_firmware1.01

🔴Vulnerability Details

GHSA

GHSA-v94x-r999-hx7f: An issue was discovered on D-Link DSL-3782 EU 1↗2022-05-14

▶

CVEList

CVE-2018-10713: An issue was discovered on D-Link DSL-3782 EU 1↗2018-05-03

▶

OSV

patch vulnerabilities↗2018-04-10

▶