CVE-2016-6563

CRITICAL EXPLOITED

D-Link DIR - Buffer Overflow

Title source: llm

Description

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/40805

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Pedro Ribeiro <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_hnap_login_bof.rb

View Code ZIP pw:eip

References (4)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2016/Nov/38

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94130

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/40805/

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/677427

Scores

CVSS v3 9.8

EPSS 0.8489

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-02-27

CWE

CWE-119 CWE-121

Status published

Products (9)

dlink/dir-818l\(w\)_firmware

dlink/dir-822_firmware

dlink/dir-823_firmware

dlink/dir-850l_firmware

dlink/dir-868l_firmware

dlink/dir-880l_firmware

dlink/dir-885l_firmware

dlink/dir-890l_firmware

dlink/dir-895l_firmware

Published Jul 13, 2018

Tracked Since Feb 18, 2026