High severity8.8NVD Advisory· Published May 4, 2018· Updated Jun 17, 2026
CVE-2018-10750
CVE-2018-10750
Description
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
Affected products
1- Range: =1.01
Patches
Vulnerability mechanics
References
1- github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.