CVE-2021-40284

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dsl-3782_firmware:eu_1.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-3782_firmware:eu_1.03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-3782:-:*:*:*:*:*:*:*

History

22 Sep 2021, 15:16

Type Values Removed Values Added
CWE CWE-120
References (MISC) https://www.dlink.com/en/security-bulletin/ - (MISC) https://www.dlink.com/en/security-bulletin/ - Vendor Advisory
References (MISC) https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10245 - (MISC) https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10245 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 6.5
CPE cpe:2.3:o:dlink:dsl-3782_firmware:eu_1.03:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-3782:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-3782_firmware:eu_1.01:*:*:*:*:*:*:*

09 Sep 2021, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-09 17:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-40284

Mitre link : CVE-2021-40284

CVE.ORG link : CVE-2021-40284


JSON object : View

Products Affected

dlink

  • dsl-3782
  • dsl-3782_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')