#VU1164 Buffer overflow in D-Link products - CVE-2016-6563

 

Published: November 9, 2016


Vulnerability identifier: #VU1164
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2016-6563
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:

DIR-822
DIR-818L(W)
DIR-895L
DIR-890L
DIR-885L
DIR-880L
DIR-868L
Software vendor:

D-Link

Description

A remote attacker can compromise a vulnerable device.

The vulnerability exists due to a stack-based buffer overflow when processing the Action, Username, LoginPassword, and Captcha fields in an XML file. A remote unauthenticated attacker can send a specially crafted SOAP message to the HNAPI (Home Network Automation Protocol) login interface, cause a stack-based buffer overflow, and execute arbitrary code on the vulnerable device.

Successful exploitation of the vulnerability may allow an attacker to gain complete control over the vulnerable device.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

