CVE-2016-6563

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Published: 2018-07-13 20:29
Updated: 2019-10-09 23:19

CVSS Score: 10.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Dlink | Dir-818l(w) Firmware | - | cpe:/o:dlink:dir-818l%28w%29_firmware:- |
| Dlink | Dir-822 Firmware | - | cpe:/o:dlink:dir-822_firmware:- |
| Dlink | Dir-823 Firmware | - | cpe:/o:dlink:dir-823_firmware:- |
| Dlink | Dir-850l Firmware | - | cpe:/o:dlink:dir-850l_firmware:- |
| Dlink | Dir-868l Firmware | - | cpe:/o:dlink:dir-868l_firmware:- |
| Dlink | Dir-880l Firmware | - | cpe:/o:dlink:dir-880l_firmware:- |
| Dlink | Dir-885l Firmware | - | cpe:/o:dlink:dir-885l_firmware:- |
| Dlink | Dir-890l Firmware | - | cpe:/o:dlink:dir-890l_firmware:- |
| Dlink | Dir-895l Firmware | - | cpe:/o:dlink:dir-895l_firmware:- |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

Date Event
2018-09-10 16:08
2018-07-15 01:29
2018-07-13 20:29

New CVE