// For flags

CVE-2016-6563

D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

El procesamiento de mensajes SOAP mal formados al realizar la acción de inicio de sesión HNAP provoca un desbordamiento de búfer en la pila en algunos routers D-Link DIR. Los campos XML vulnerables en el cuerpo SOAP son: Action, Username, LoginPassword y Captcha. Los siguientes productos se han visto afectados: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L y DIR-850L.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-08-03 CVE Reserved
  • 2016-11-07 First Exploit
  • 2016-11-08 CVE Published
  • 2024-06-22 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-121: Stack-based Buffer Overflow
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dlink
Search vendor "Dlink"
 Dir-823 Firmware
Search vendor "Dlink" for product "Dir-823 Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-823
Search vendor "Dlink" for product "Dir-823"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-822 Firmware
Search vendor "Dlink" for product "Dir-822 Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-822
Search vendor "Dlink" for product "Dir-822"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-818l\(w\) Firmware
Search vendor "Dlink" for product "Dir-818l\(w\) Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-818l\(w\)
Search vendor "Dlink" for product "Dir-818l\(w\)"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-895l Firmware
Search vendor "Dlink" for product "Dir-895l Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-895l
Search vendor "Dlink" for product "Dir-895l"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-890l Firmware
Search vendor "Dlink" for product "Dir-890l Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-890l
Search vendor "Dlink" for product "Dir-890l"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-885l Firmware
Search vendor "Dlink" for product "Dir-885l Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-885l
Search vendor "Dlink" for product "Dir-885l"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-880l Firmware
Search vendor "Dlink" for product "Dir-880l Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-880l
Search vendor "Dlink" for product "Dir-880l"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-868l Firmware
Search vendor "Dlink" for product "Dir-868l Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-868l
Search vendor "Dlink" for product "Dir-868l"
--
Safe
Dlink
Search vendor "Dlink"
 Dir-850l Firmware
Search vendor "Dlink" for product "Dir-850l Firmware"
--
Affected
in Dlink
Search vendor "Dlink"
 Dir-850l
Search vendor "Dlink" for product "Dir-850l"
--
Safe