Buffer Overflow Vulnerability in D-Link DSL-3782 by D-Link
CVE-2021-40284

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: Dsl-3782 Firmware
Vendor: CVE Published:; 9 September 2021

What is CVE-2021-40284?

The D-Link DSL-3782 EU v1.01 and v1.03 are vulnerable to a buffer overflow issue in the web interface, specifically in the '/cgi-bin/New_GUI/Igmp.asp' endpoint. This security flaw allows authenticated remote attackers to trigger a denial of service by sending a maliciously crafted long string in the 'igmpsnoopEnable' parameter through an HTTP request, potentially causing disruption of service.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2021
Vulnerability Reserved
Aug 30, 2021