Lucene search

[email protected]CVE-2018-8941

HistoryApr 03, 2018 - 11:29 p.m.

CVE-2018-8941

2018-04-0323:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2018-8941

d-link

dsl-3782

firmware

buffer overflow

remote code execution

http

security vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the ‘set Diagnostics_Entry’ function in an HTTP request, related to /userfs/bin/tcapi.

Affected configurations

NVD

Node

d-linkdsl-3782_firmwareMatch1.01

AND

dlinkdsl-3782Match-

CPENameOperatorVersion
d-link:dsl-3782_firmwared-link dsl-3782 firmwareeq1.01

CPE	Name	Operator	Version
d-link:dsl-3782_firmware	d-link dsl-3782 firmware	eq	1.01

References

github.com/SECFORCE/CVE-2018-8941

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2018-8941

nvd1 seebug1 prion1 cvelist1