Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2018-8941

Published: 03/04/2018 Updated: 26/04/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to D-link

Vulnerability Summary

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote malicious users to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

d-link dsl-3782_firmware 1.01

Github Repositories

https://github.com/SECFORCE/CVE-2018-8941

D-Link DSL-3782 Code Execution (Proof of Concept)

CVE-2018-8941: D-Link DSL-3782 Code execution (Proof of Concept) Adam Simuntis :: twittercom/adamsimuntis Mindaugas Slusnys :: twittercom/mislusnys The buffer overflow vulnerability was found in the "/userfs/bin/tcapi" binary which is used as a wrapper for the "Diagnostics" functionality in the Web GUI An authenticated user can pass a lon

References

CWE-119https://github.com/SECFORCE/CVE-2018-8941https://nvd.nist.govhttps://github.com/SECFORCE/CVE-2018-8941
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook