CVE-2018-8941

CWE-119 — Buffer Overflow3 documents3 sources

Severity

8.8HIGH

EPSS

23.0%

top 4.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dsl-3782 Firmware

Timeline

PublishedApr 3

Latest updateMay 14

Description

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDd-link/dsl-3782_firmware1.01

🔴Vulnerability Details

GHSA

GHSA-rvhx-68h5-664f: Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v↗2022-05-14

▶

CVEList

CVE-2018-8941: Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v↗2018-04-03

▶