Lucene search

[email protected]CVE-2018-8941

HistoryApr 03, 2018 - 11:29 p.m.

CVE-2018-8941

2018-04-0323:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2018-8941

d-link

dsl-3782

firmware

buffer overflow

remote code execution

http

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

68.0%

JSON

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the ‘set Diagnostics_Entry’ function in an HTTP request, related to /userfs/bin/tcapi.

Affected configurations

NVD

Node

d-linkdsl-3782_firmwareMatch1.01

AND

dlinkdsl-3782Match-

CPENameOperatorVersion
d-link:dsl-3782_firmwared-link dsl-3782 firmwareeq1.01

CPE	Name	Operator	Version
d-link:dsl-3782_firmware	d-link dsl-3782 firmware	eq	1.01

References

github.com/SECFORCE/CVE-2018-8941

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2018-8941

nvd1 seebug1 prion1 cvelist1