Buffer Overflow Vulnerability in D-Link DSL-3782 Router
CVE-2018-8941

8.8HIGH

Key Information:

Vendor: D-link
Status: Dsl-3782 Firmware
Vendor: CVE Published:; 3 April 2018

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 22%

Summary

The D-Link DSL-3782 router is susceptible to a buffer overflow vulnerability in its diagnostics functionality. This flaw allows authenticated remote attackers to exploit the 'set Diagnostics_Entry' function by sending an HTTP request containing a lengthy Addr value. The attack can lead to arbitrary code execution, enabling attackers to gain unauthorized access to the device and potentially compromise the network environment. Users are urged to update their firmware to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-8941
Created by SECFORCE

References

https://github.com/SECFORCE/CVE-2018-8941

x_refsource_MISC

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Apr 3, 2018
👾
Exploit known to exist
Apr 3, 2018
Vulnerability published
Apr 3, 2018
Vulnerability Reserved
Mar 22, 2018