CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10996
https://notcve.org/view.php?id=CVE-2018-10996
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable. La función weblogin_log en /htdocs/cgibin en dispositivos D-Link DIR-629-B1 permite que los atacantes ejecuten código arbitrario o provoquen una denegación de servicio (desbordamiento de búfer) mediante una petición session.cgi?ACTION=logout relacionada con una variable de entorno REMOTE_ADDR larga. • http://www.securityfocus.com/bid/104277 https://github.com/kgsdy/D-Link-DIR-629/blob/master/D-Link-DIR-629-B1.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10750
https://notcve.org/view.php?id=CVE-2018-10750
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "staticGet" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "staticGet <node_name_attr>" y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10747
https://notcve.org/view.php?id=CVE-2018-10747
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "unset" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "unset <node_name>" y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/unset.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10748
https://notcve.org/view.php?id=CVE-2018-10748
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'show' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'show <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "show" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "show <node_name>" y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/show.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10749
https://notcve.org/view.php?id=CVE-2018-10749
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'commit' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'commit <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "commit" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "commit <node_name>" y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/commit.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •