CVE-2016-6563
13.07.2018, 20:29
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dlink | dir-823_firmware | - |
| dlink | dir-822_firmware | - |
| dlink | dir-818l\(w\)_firmware | - |
| dlink | dir-895l_firmware | - |
| dlink | dir-890l_firmware | - |
| dlink | dir-885l_firmware | - |
| dlink | dir-880l_firmware | - |
| dlink | dir-868l_firmware | - |
| dlink | dir-850l_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
References