CVE-2018-10747

Name of the Vulnerable Software and Affected Versions D-Link DSL-3782 EU version 1.01

Description An issue in the Diagnostics component of the D-Link DSL-3782 EU device allows an authenticated user to cause memory corruption by passing a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary using the 'unset ' function. This can potentially redirect the program's flow and execute arbitrary code. The vulnerability is related to a buffer overflow in the '/userfs/bin/tcapi' file, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For D-Link DSL-3782 EU version 1.01, as a temporary workaround, consider restricting access to the '/userfs/bin/tcapi' binary in the Diagnostics component to minimize the risk of exploitation. Avoid using the unset parameter with long buffers in the 'unset ' function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.