CVE-2016-6563
N/A
N/A
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| D-Link | DIR-823 | N/A | unknown |
| D-Link | DIR-822 | N/A | unknown |
| D-Link | DIR-818L(W) | N/A | unknown |
| D-Link | DIR-895L | N/A | unknown |
| D-Link | DIR-890L | N/A | unknown |
| D-Link | DIR-885L | N/A | unknown |
| D-Link | DIR-880L | N/A | unknown |
| D-Link | DIR-868L | N/A | unknown |
| D-Link | DIR-850L | N/A | unknown |
Weaknesses
- CWE-121: CWE-121
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/40805/
- https://www.kb.cert.org/vuls/id/677427
- http://www.securityfocus.com/bid/94130
- http://seclists.org/fulldisclosure/2016/Nov/38
References
- https://www.exploit-db.com/exploits/40805/
- https://www.kb.cert.org/vuls/id/677427
- http://www.securityfocus.com/bid/94130
- http://seclists.org/fulldisclosure/2016/Nov/38
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.