Vulnerability Note VU#677427
D-Link routers HNAP service contains stack-based buffer overflow
D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action.
CWE-121: Stack-based Buffer Overflow - CVE-2016-6563
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha.
A remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|D-Link Systems, Inc.||Affected||12 Sep 2016||27 Oct 2016|
CVSS Metrics (Learn More)
Thanks to Pedro Ribeiro (firstname.lastname@example.org) of Agile Information Security for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2016-6563
- Date Public: 07 Nov 2016
- Date First Published: 07 Nov 2016
- Date Last Updated: 10 Nov 2016
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.