PT-2021-22854 · D Link · D-Link Dsl-3782
Published: 2021-09-09 · Updated: 2021-09-22 · CVE-2021-40284
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DSL-3782 EU versions 1.01 through 1.03
Description
The issue is a buffer overflow that can cause a denial of service. It exists in the web interface "/cgi-bin/New GUI/Igmp.asp". Authenticated remote attackers can trigger this issue by sending a long string in the parameter igmpsnoopEnable via an HTTP request.
Recommendations
For D-Link DSL-3782 EU versions 1.01 through 1.03, consider restricting access to the vulnerable web interface "/cgi-bin/New GUI/Igmp.asp" to minimize the risk of exploitation. As a temporary workaround, avoid using the parameter igmpsnoopEnable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dsl-3782