CVE-2016-6563

Summary

CVE	CVE-2016-6563
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-07-13 20:29:00 UTC
Updated	2019-10-09 23:19:00 UTC
Description	Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Dlink	Dir-818lw	-	All	All	All
Operating System	Dlink	Dir-818lw Firmware	-	All	All	All
Hardware	Dlink	Dir-818lw	-	All	All	All
Hardware	Dlink	Dir-818lw	-	All	All	All
Operating System	Dlink	Dir-818lw Firmware	-	All	All	All
Operating System	Dlink	Dir-818lw Firmware	-	All	All	All
Hardware	Dlink	Dir-822	-	All	All	All
Hardware	Dlink	Dir-822	-	All	All	All
Operating System	Dlink	Dir-822 Firmware	-	All	All	All
Operating System	Dlink	Dir-822 Firmware	-	All	All	All
Hardware	Dlink	Dir-823	-	All	All	All
Hardware	Dlink	Dir-823	-	All	All	All
Operating System	Dlink	Dir-823 Firmware	-	All	All	All
Operating System	Dlink	Dir-823 Firmware	-	All	All	All
Hardware	Dlink	Dir-850l	-	All	All	All
Hardware	Dlink	Dir-850l	-	All	All	All
Operating System	Dlink	Dir-850l Firmware	-	All	All	All
Operating System	Dlink	Dir-850l Firmware	-	All	All	All
Hardware	Dlink	Dir-868l	-	All	All	All
Hardware	Dlink	Dir-868l	-	All	All	All
Operating System	Dlink	Dir-868l Firmware	-	All	All	All
Operating System	Dlink	Dir-868l Firmware	-	All	All	All
Hardware	Dlink	Dir-880l	-	All	All	All
Hardware	Dlink	Dir-880l	-	All	All	All
Operating System	Dlink	Dir-880l Firmware	-	All	All	All
Operating System	Dlink	Dir-880l Firmware	-	All	All	All
Hardware	Dlink	Dir-885l	-	All	All	All
Hardware	Dlink	Dir-885l	-	All	All	All
Operating System	Dlink	Dir-885l Firmware	-	All	All	All
Operating System	Dlink	Dir-885l Firmware	-	All	All	All
Hardware	Dlink	Dir-890l	-	All	All	All
Hardware	Dlink	Dir-890l	-	All	All	All
Operating System	Dlink	Dir-890l Firmware	-	All	All	All
Operating System	Dlink	Dir-890l Firmware	-	All	All	All
Hardware	Dlink	Dir-895l	-	All	All	All
Hardware	Dlink	Dir-895l	-	All	All	All
Operating System	Dlink	Dir-895l Firmware	-	All	All	All
Operating System	Dlink	Dir-895l Firmware	-	All	All	All

References

Reference	Source	Link	Tags
Full Disclosure: [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow	FULLDISC	seclists.org	Exploit, Mailing List, Third Party Advisory
Vulnerability Note VU#677427 - D-Link routers HNAP service contains stack-based buffer overflow	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit) - Multiple remote Exploit	EXPLOIT-DB	www.exploit-db.com	Exploit, Third Party Advisory, VDB Entry
Multiple D-Link DIR Routers CVE-2016-6563 Remote Stack Overflow Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.