CVE-2022-35192. > [Description]> D-Link Wireless AC1200 Dual Band VDSL ADS

1. CVE-2022-35192.
2.  
3. > [Description]
4. > D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782
5. > Firmware v1.01 allows unauthenticated attackers to cause a Denial of
6. > Service (DoS) via the User parameter or Pwd parameter to Login.asp.
7. >
8. >
9. > ------------------------------------------
10. >
11. > [VulnerabilityType Other]
12. > Buffer Overflow
13. >
14. > ------------------------------------------
15. >
16. > [Vendor of Product]
17. > D-Link
18. >
19. > ------------------------------------------
20. >
21. > [Affected Product Code Base]
22. > Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 - Firmware v1.01, version fix: None
23. >
24. > ------------------------------------------
25. >
26. > [Affected Component]
27. > web service
28. >
29. > ------------------------------------------
30. >
31. > [Attack Type]
32. > Remote
33. >
34. > ------------------------------------------
35. >
36. > [Impact Code execution]
37. > true
38. >
39. > ------------------------------------------
40. >
41. > [Attack Vectors]
42. > Send request login with value of "Usr" or "Pwd" over 128 byte
43. >
44. > ------------------------------------------
45. >
46. > [Reference]
47. > https://eu.dlink.com/ba/hr/products/dsl-3782-wireless-ac1200-dual-band-vdsl-adsl-modem-router
48. >
49. > ------------------------------------------
50. >
51. > [Has vendor confirmed or acknowledged the vulnerability?]
52. > true
53. >
54. > ------------------------------------------
55. >
56. > [Discoverer]
57. > quanghv17_viettel_cyber_security
58.  
59. CVE-2022-30024