CVE-2016-6563

critical-risk

Published 2018-07-13

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Do I need to act?

84.9% chance of exploitation in next 30 days

EPSS score — higher than 15% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40805

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (9)

Dir-823 Firmware

Dir-822 Firmware

Dir-818L\(W\) Firmware

Dir-895L Firmware

Dir-890L Firmware

Dir-885L Firmware

Dir-880L Firmware

Dir-868L Firmware

Dir-850L Firmware

Affected Vendors

Dlink

References (8)

Exploit http://seclists.org/fulldisclosure/2016/Nov/38

Third Party Advisory http://www.securityfocus.com/bid/94130

Exploit https://www.exploit-db.com/exploits/40805/

Third Party Advisory https://www.kb.cert.org/vuls/id/677427

Exploit http://seclists.org/fulldisclosure/2016/Nov/38

Third Party Advisory http://www.securityfocus.com/bid/94130

Exploit https://www.exploit-db.com/exploits/40805/

Third Party Advisory https://www.kb.cert.org/vuls/id/677427

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 15/34 · Moderate