CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10746
https://notcve.org/view.php?id=CVE-2018-10746
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "get" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "get <node_name_attr>" y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/get.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10713
https://notcve.org/view.php?id=CVE-2018-10713
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "read" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "read " y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10431
https://notcve.org/view.php?id=CVE-2018-10431
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Los dispositivos D-Link DIR-615 2.5.17 permite la ejecución remota de código mediante metacaracteres shell en el campo Host de la pantalla System / Traceroute. • https://github.com/imsebao/404team/blob/master/dlink/dlink_dir615_rce.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 3CVE-2018-10110 – D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-10110
D-Link DIR-615 T1 devices allow XSS via the Add User feature. Los dispositivos D-Link DIR-615 T1 permiten Cross-Site Scripting (XSS) mediante la característica Add User. The D-Link DIR-615 wireless router suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44473 http://packetstormsecurity.com/files/147184/D-Link-DIR-615-Cross-Site-Scripting.html https://hacksayan.wordpress.com/d-link-dir-615-wireless-router-persistent-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-8941
https://notcve.org/view.php?id=CVE-2018-8941
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. La funcionalidad de diagnóstico en dispositivos D-Link DSL-3782 con firmware EU v. 1.01 tiene un desbordamiento de búfer que permite que atacantes remotos autenticados ejecuten código arbitrario mediante un valor Addr largo en la función "set Diagnostics_Entry" de una petición HTTP. Esto está relacionado con /userfs/bin/tcapi. • https://github.com/SECFORCE/CVE-2018-8941 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •