CVE-2018-10750

Name of the Vulnerable Software and Affected Versions D-Link DSL-3782 versions 1.01

Description The issue is related to a buffer overflow in the /userfs/bin/tcapi file of the Diagnostics component in the D-Link DSL-3782 router's firmware. This can be exploited by an authenticated user who passes a long buffer as the staticGet parameter to the /userfs/bin/tcapi binary, potentially causing memory corruption and allowing the execution of arbitrary code. The exploitation can be done remotely.

Recommendations For version 1.01, consider restricting access to the /userfs/bin/tcapi binary until a patch is available. As a temporary workaround, avoid using the staticGet parameter in the affected binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.