CVE-2016-6563 Information
Feb 14, 2021
cve
Description
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action Username LoginPassword and Captcha. The following products are affected: DIR-823 DIR-822 DIR-818L(W) DIR-895L DIR-890L DIR-885L DIR-880L DIR-868L and DIR-850L.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://seclists.org/fulldisclosure/2016/Nov/38 http://www.securityfocus.com/bid/94130 https://www.exploit-db.com/exploits/40805/ https://www.kb.cert.org/vuls/id/677427
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: