CVE-2018-10749

Name of the Vulnerable Software and Affected Versions D-Link DSL-3782 versions 1.01

Description The issue is related to a buffer overflow in the /userfs/bin/tcapi binary of the Diagnostics component in the D-Link DSL-3782 router's firmware. This can be exploited by passing a long buffer as the commit parameter using the commit <node name> function, allowing a remote attacker to execute arbitrary code and potentially cause memory corruption.

Recommendations For version 1.01, consider restricting access to the /userfs/bin/tcapi binary until a patch is available. As a temporary workaround, avoid using the commit parameter in the commit <node name> function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.