Описание
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
Уязвимость файла /userfs/bin/tcapi компонента Diagnostics микропрограммного обеспечения маршрутизатора D-Link DSL-3782, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3
9 Critical
CVSS2