Buffer Overflow Vulnerability in D-Link DIR Routers via Malformed SOAP Messages
CVE-2016-6563 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
Learn more about our User Device Pen Test.