CVE-2016-6563
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
References
▼ | URL | Tags | |
---|---|---|---|
cret@cert.org | http://seclists.org/fulldisclosure/2016/Nov/38 | Exploit, Mailing List, Third Party Advisory | |
cret@cert.org | http://www.securityfocus.com/bid/94130 | Third Party Advisory, VDB Entry | |
cret@cert.org | https://www.exploit-db.com/exploits/40805/ | Exploit, Third Party Advisory, VDB Entry | |
cret@cert.org | https://www.kb.cert.org/vuls/id/677427 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Nov/38 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94130 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40805/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/677427 | Third Party Advisory, US Government Resource |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:36:28.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40805", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40805/" }, { "name": "VU#677427", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/677427" }, { "name": "94130", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94130" }, { "name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Nov/38" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DIR-823", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-822", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-818L(W)", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-895L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-890L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-885L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-880L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-868L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] }, { "product": "DIR-850L", "vendor": "D-Link", "versions": [ { "status": "unknown", "version": "N/A" } ] } ], "datePublic": "2016-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-14T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "40805", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40805/" }, { "name": "VU#677427", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/677427" }, { "name": "94130", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94130" }, { "name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Nov/38" } ], "source": { "discovery": "UNKNOWN" }, "title": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-6563", "STATE": "PUBLIC", "TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DIR-823", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-822", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-818L(W)", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-895L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-890L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-885L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-880L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-868L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } }, { "product_name": "DIR-850L", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } } ] }, "vendor_name": "D-Link" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "40805", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40805/" }, { "name": "VU#677427", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/677427" }, { "name": "94130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94130" }, { "name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Nov/38" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-6563", "datePublished": "2018-07-13T20:00:00", "dateReserved": "2016-08-03T00:00:00", "dateUpdated": "2024-08-06T01:36:28.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-6563\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-07-13T20:29:01.003\",\"lastModified\":\"2024-11-21T02:56:21.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.\"},{\"lang\":\"es\",\"value\":\"El procesamiento de mensajes SOAP mal formados al realizar la acci\u00f3n de inicio de sesi\u00f3n HNAP provoca un desbordamiento de b\u00fafer en la pila en algunos routers D-Link DIR. Los campos XML vulnerables en el cuerpo SOAP son: Action, Username, LoginPassword y Captcha. Los siguientes productos se han visto afectados: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L y DIR-850L.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-823_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCC02FC3-0BB2-41B4-9EDD-65AC1CE9AB5B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC426833-BEA7-4029-BBBB-94688EE801BC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-822_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F0B001-DEDD-4B68-A63D-F68A8BAF9C1D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3894F0E-37F8-4A89-87AC-1DB524D4AE04\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-818l\\\\(w\\\\)_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4312D87E-181E-423A-90A1-C6F16AD58458\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-818l\\\\(w\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A208284-D9A8-4B97-A975-E7AF0D7110A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-895l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E62F905-D226-463C-8BA9-201E8B0165FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BCCA2BB-4577-402C-88B5-F8E10770CA35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1EA89C7-4655-43A3-9D2B-D57640D56C09\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3441E49F-C21B-4B68-89AD-BD46E8D88638\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD481B64-A25D-4123-B575-20EC3C524D9C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-880l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52A89607-6CBB-4197-AF08-8A52FA73F703\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC772491-6371-4712-B358-E74D9C5062FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26512943-D705-484D-B9EA-BF401606DFA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33B501D4-BDDD-485E-A5A3-8AA8D5E46061\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-850l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E72B76AE-8D5C-4FAD-A7FC-303CB0670C98\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"607DDB44-0E4E-4606-8909-B624345688D4\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2016/Nov/38\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94130\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/40805/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/677427\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/Nov/38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/40805/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/677427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.