Page 2 of 15 results (0.019 seconds)

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. D-Link DSL-3782 versiones EU v1.01:EU v1.03, está afectado por un desbordamiento de búfer que puede causar una denegación de servicio. Esta vulnerabilidad se presenta en la interfaz web "/cgi-bin/New_GUI/Igmp.asp". • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10245 https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. Se ha descubierto un problema en dispositivos D-Link DSL-3782 con la versión de firmware 1.01. Una vulnerabilidad de inyección de comandos del sistema operativo en Acl.asp permite a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema operativo mediante el parámetro ScrIPaddrEndTXT • https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested. Existe una vulnerabilidad de Cross-Site Scripting persistente en la interfaz web de los dispositivos DSL-3782 de D-Link, con la versión de firmware 1.01, que permite a los atacantes autenticados inyectar código JavaScript o cargas útiles de HTML dentro de la página ACL. La carga útil inyectada se ejecutaría en el navegador de un usuario cuando se solicita "/cgi-bin/New_GUI/Acl.asp". • https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "staticGet" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "staticGet <node_name_attr>" y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. Se ha descubierto un problema en dispositivos D-Link DSL-3782 EU 1.01. Un usuario autenticado puede pasar un búfer largo como parámetro "unset" al binario "/userfs/bin/tcapi" (en el componente Diagnosis) mediante la función "unset <node_name>" y provocar la corrupción de la memoria. • https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/unset.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •