CVE-2016-6563

Summary

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Affected Software

VendorProductVersion RangeStatus
D-LinkDIR-823N/Aunknown
D-LinkDIR-822N/Aunknown
D-LinkDIR-818L(W)N/Aunknown
D-LinkDIR-895LN/Aunknown
D-LinkDIR-890LN/Aunknown
D-LinkDIR-885LN/Aunknown
D-LinkDIR-880LN/Aunknown
D-LinkDIR-868LN/Aunknown
D-LinkDIR-850LN/Aunknown

Weaknesses

  • CWE-121: CWE-121

ADP Enrichment

CVE Program Container

Additional References

References