High severity8.8NVD Advisory· Published May 4, 2018· Updated Jun 17, 2026
CVE-2018-10747
CVE-2018-10747
Description
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'unset <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
Affected products
1- Range: =1.01
Patches
Vulnerability mechanics
References
1- github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/unset.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.