CVE-2018-10746

Name of the Vulnerable Software and Affected Versions D-Link DSL-3782 EU version 1.01

Description An issue in the Diagnostics component of the D-Link DSL-3782 EU device allows an authenticated user to cause memory corruption by passing a long buffer as a get parameter to the /userfs/bin/tcapi binary using the get <node name attr> function. This can potentially redirect the program's flow and execute arbitrary code. The vulnerability is related to a buffer overflow in the /userfs/bin/tcapi file, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For D-Link DSL-3782 EU version 1.01, consider restricting access to the /userfs/bin/tcapi binary in the Diagnostics component to minimize the risk of exploitation. Avoid using the get parameter with long buffers in the get <node name attr> function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.