CVE-2018-10746 Vulnerability Details

  /     /     /  

CVE-2018-10746 Metadata Quick Info

CVE Published: 04/05/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: mitre | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2018-10746 Description

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a \'get\' parameter to the \'/userfs/bin/tcapi\' binary (in the Diagnostics component) using the \'get \' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).