All the vulnerabilites related to D-Link - DIR-850L
cve-2016-6563
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/40805/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.kb.cert.org/vuls/id/677427 | third-party-advisory, x_refsource_CERT-VN | |
http://www.securityfocus.com/bid/94130 | vdb-entry, x_refsource_BID | |
http://seclists.org/fulldisclosure/2016/Nov/38 | mailing-list, x_refsource_FULLDISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:28.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40805", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40805/" }, { "name": "VU#677427", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/677427" }, { "name": "94130", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94130" }, { "name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Nov/38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DIR-823", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-822", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-818L(W)", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-895L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-890L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-885L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-880L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-868L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-850L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] } ], "datePublic": "2016-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-14T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "40805", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40805/" }, { "name": "VU#677427", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/677427" }, { "name": "94130", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94130" }, { "name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Nov/38" } ], "source": { "discovery": "UNKNOWN" }, "title": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-6563", "STATE": "PUBLIC", "TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DIR-823", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-822", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-818L(W)", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-895L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-890L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-885L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-880L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-868L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-850L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } } ] }, "vendor_name": "D-Link" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "40805", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40805/" }, { "name": "VU#677427", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/677427" }, { "name": "94130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94130" }, { "name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Nov/38" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-6563", "datePublished": "2018-07-13T20:00:00", "dateReserved": "2016-08-03T00:00:00", "dateUpdated": "2024-08-06T01:36:28.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }