PT-2018-4011 · D Link · D-Link Dsl-3782
Adam Simuntis +1 · Published 2018-04-03 · Updated 2023-04-26 · CVE-2018-8941
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DSL-3782 version EU v. 1.01
Description
The issue concerns a buffer overflow in the diagnostics functionality of the affected device. This allows authenticated remote attackers to execute arbitrary code by sending a long Addr value to the set Diagnostics Entry function in an HTTP request. The vulnerability is related to the /userfs/bin/tcapi endpoint.
Recommendations
For D-Link DSL-3782 version EU v. 1.01, consider disabling the set Diagnostics Entry function as a temporary workaround until a patch is available. Restrict access to the /userfs/bin/tcapi endpoint to minimize the risk of exploitation. Avoid using long Addr values in HTTP requests to the affected function until the issue is resolved.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dsl-3782