Main Vulnerability Database Exploits ID:1836 - Exploit for Buffer overflow in D-Link products - CVE-2016-6563

ID:1836 - Exploit for Buffer overflow in D-Link products - CVE-2016-6563

Published: March 18, 2020

Vulnerability identifier: #VU1164

Vulnerability risk: High

CVE-ID: CVE-2016-6563

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:
DIR-822
DIR-818L(W)
DIR-895L
DIR-890L
DIR-885L
DIR-880L
DIR-868L

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/http/dlink_hnap_login_bof

Vulnerability description

A remote attacker can compromise vulnerable device.

The vulnerability exists due to stack-based buffer overflow when processing Action, Username, LoginPassword, and Captcha fields in XML file. A remote unauthenticated attacker can send a specially crafted SOAP message to HNAPI (Home Network Automation Protocol) login interface, cause stack-based buffer overflow and execute arbitrary code on vulnerable device.

Successful exploitation of the vulnerability may allow an attacker to gain complete control over vulnerable device.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:1836 - Exploit for Buffer overflow in D-Link products - CVE-2016-6563

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human