Buffer Overflow Vulnerability in D-Link DIR Routers via Malformed SOAP Messages

Buffer Overflow Vulnerability in D-Link DIR Routers via Malformed SOAP Messages

CVE-2016-6563 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Learn more about our User Device Pen Test.