CVE-2016-6563 - Vulnerability Details

Vendors	Products
Dlink	Dir-818l\(w\) Dir-818l\(w\) Firmware Dir-822 Dir-822 Firmware Dir-823 Dir-823 Firmware Dir-850l Dir-850l Firmware Dir-868l Dir-868l Firmware Dir-880l Dir-880l Firmware Dir-885l Dir-885l Firmware Dir-890l Dir-890l Firmware Dir-895l Dir-895l Firmware

Link	Providers
http://seclists.org/fulldisclosure/2016/Nov/38
http://www.securityfocus.com/bid/94130
https://www.exploit-db.com/exploits/40805/
https://www.kb.cert.org/vuls/id/677427

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "DIR-823", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-822", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-818L(W)", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-895L", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-890L", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-885L", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-880L", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-868L", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}, {"product": "DIR-850L", "vendor": "D-Link", "versions": [{"status": "unknown", "version": "N/A"}]}], "datePublic": "2016-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-14T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "40805", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40805/"}, {"name": "VU#677427", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/677427"}, {"name": "94130", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94130"}, {"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Nov/38"}], "source": {"discovery": "UNKNOWN"}, "title": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-6563", "STATE": "PUBLIC", "TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DIR-823", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-822", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-818L(W)", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-895L", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-890L", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-885L", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-880L", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-868L", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}, {"product_name": "DIR-850L", "version": {"version_data": [{"affected": "?", "version_affected": "?", "version_value": "N/A"}]}}]}, "vendor_name": "D-Link"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121"}]}]}, "references": {"reference_data": [{"name": "40805", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40805/"}, {"name": "VU#677427", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/677427"}, {"name": "94130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94130"}, {"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Nov/38"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:28.095Z"}, "title": "CVE Program Container", "references": [{"name": "40805", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/40805/"}, {"name": "VU#677427", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/677427"}, {"name": "94130", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94130"}, {"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Nov/38"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-6563", "datePublished": "2018-07-13T20:00:00", "dateReserved": "2016-08-03T00:00:00", "dateUpdated": "2024-08-06T01:36:28.095Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : DIR-823 (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

1 : { »

product : DIR-822 (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

2 : { »

product : DIR-818L(W) (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

3 : { »

product : DIR-895L (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

4 : { »

product : DIR-890L (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

5 : { »

product : DIR-885L (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

6 : { »

product : DIR-880L (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

7 : { »

product : DIR-868L (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

8 : { »

product : DIR-850L (string)

vendor : D-Link (string)

versions : [ »

0 : { »

status : unknown (string)

version : N/A (string)

}

]

}

]

datePublic : 2016-11-07T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-121 (string)

description : CWE-121 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-07-14T09:57:01 (string)

orgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

shortName : certcc (string)

}

references : [ »

0 : { »

name : 40805 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

]

url : https://www.exploit-db.com/exploits/40805/ (string)

}

1 : { »

name : VU#677427 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : https://www.kb.cert.org/vuls/id/677427 (string)

}

2 : { »

name : 94130 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/94130 (string)

}

3 : { »

name : 20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://seclists.org/fulldisclosure/2016/Nov/38 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action (string)

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cert@cert.org (string)

ID : CVE-2016-6563 (string)

STATE : PUBLIC (string)

TITLE : D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : DIR-823 (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

1 : { »

product_name : DIR-822 (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

2 : { »

product_name : DIR-818L(W) (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

3 : { »

product_name : DIR-895L (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

4 : { »

product_name : DIR-890L (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

5 : { »

product_name : DIR-885L (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

6 : { »

product_name : DIR-880L (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

7 : { »

product_name : DIR-868L (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

8 : { »

product_name : DIR-850L (string)

version : { »

version_data : [ »

0 : { »

affected : ? (string)

version_affected : ? (string)

version_value : N/A (string)

}

]

}

]

}

vendor_name : D-Link (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-121 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 40805 (string)

refsource : EXPLOIT-DB (string)

url : https://www.exploit-db.com/exploits/40805/ (string)

}

1 : { »

name : VU#677427 (string)

refsource : CERT-VN (string)

url : https://www.kb.cert.org/vuls/id/677427 (string)

}

2 : { »

name : 94130 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/94130 (string)

}

3 : { »

name : 20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow (string)

refsource : FULLDISC (string)

url : http://seclists.org/fulldisclosure/2016/Nov/38 (string)

}

]

}

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T01:36:28.095Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 40805 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

2 : x_transferred (string)

]

url : https://www.exploit-db.com/exploits/40805/ (string)

}

1 : { »

name : VU#677427 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : https://www.kb.cert.org/vuls/id/677427 (string)

}

2 : { »

name : 94130 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/94130 (string)

}

3 : { »

name : 20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://seclists.org/fulldisclosure/2016/Nov/38 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

assignerShortName : certcc (string)

cveId : CVE-2016-6563 (string)

datePublished : 2018-07-13T20:00:00 (string)

dateReserved : 2016-08-03T00:00:00 (string)

dateUpdated : 2024-08-06T01:36:28.095Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-823_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCC02FC3-0BB2-41B4-9EDD-65AC1CE9AB5B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC426833-BEA7-4029-BBBB-94688EE801BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-822_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "10F0B001-DEDD-4B68-A63D-F68A8BAF9C1D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-818l\\(w\\)_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4312D87E-181E-423A-90A1-C6F16AD58458", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-818l\\(w\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "3A208284-D9A8-4B97-A975-E7AF0D7110A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-895l_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E62F905-D226-463C-8BA9-201E8B0165FD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BCCA2BB-4577-402C-88B5-F8E10770CA35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3441E49F-C21B-4B68-89AD-BD46E8D88638", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD481B64-A25D-4123-B575-20EC3C524D9C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-880l_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "52A89607-6CBB-4197-AF08-8A52FA73F703", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "26512943-D705-484D-B9EA-BF401606DFA3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E72B76AE-8D5C-4FAD-A7FC-303CB0670C98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*", "matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."}, {"lang": "es", "value": "El procesamiento de mensajes SOAP mal formados al realizar la acci\u00f3n de inicio de sesi\u00f3n HNAP provoca un desbordamiento de b\u00fafer en la pila en algunos routers D-Link DIR. Los campos XML vulnerables en el cuerpo SOAP son: Action, Username, LoginPassword y Captcha. Los siguientes productos se han visto afectados: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L y DIR-850L."}], "id": "CVE-2016-6563", "lastModified": "2024-11-21T02:56:21.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-13T20:29:01.003", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Nov/38"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94130"}, {"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40805/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/677427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Nov/38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94130"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/40805/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/677427"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cret@cert.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-823_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BCC02FC3-0BB2-41B4-9EDD-65AC1CE9AB5B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EC426833-BEA7-4029-BBBB-94688EE801BC (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-822_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 10F0B001-DEDD-4B68-A63D-F68A8BAF9C1D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B3894F0E-37F8-4A89-87AC-1DB524D4AE04 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-818l\(w\)_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4312D87E-181E-423A-90A1-C6F16AD58458 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-818l\(w\):-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3A208284-D9A8-4B97-A975-E7AF0D7110A0 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-895l_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2E62F905-D226-463C-8BA9-201E8B0165FD (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0BCCA2BB-4577-402C-88B5-F8E10770CA35 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B1EA89C7-4655-43A3-9D2B-D57640D56C09 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3441E49F-C21B-4B68-89AD-BD46E8D88638 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:* (string)

matchCriteriaId : AD481B64-A25D-4123-B575-20EC3C524D9C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-880l_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 52A89607-6CBB-4197-AF08-8A52FA73F703 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CC772491-6371-4712-B358-E74D9C5062FD (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 26512943-D705-484D-B9EA-BF401606DFA3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 33B501D4-BDDD-485E-A5A3-8AA8D5E46061 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dir-850l_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E72B76AE-8D5C-4FAD-A7FC-303CB0670C98 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 607DDB44-0E4E-4606-8909-B624345688D4 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. (string)

}

1 : { »

lang : es (string)

value : El procesamiento de mensajes SOAP mal formados al realizar la acción de inicio de sesión HNAP provoca un desbordamiento de búfer en la pila en algunos routers D-Link DIR. Los campos XML vulnerables en el cuerpo SOAP son: Action, Username, LoginPassword y Captcha. Los siguientes productos se han visto afectados: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L y DIR-850L. (string)

}

]

id : CVE-2016-6563 (string)

lastModified : 2024-11-21T02:56:21.790 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-07-13T20:29:01.003 (string)

references : [ »

0 : { »

source : cret@cert.org (string)

tags : [ »

0 : Exploit (string)

1 : Mailing List (string)

2 : Third Party Advisory (string)

]

url : http://seclists.org/fulldisclosure/2016/Nov/38 (string)

}

1 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94130 (string)

}

2 : { »

source : cret@cert.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : https://www.exploit-db.com/exploits/40805/ (string)

}

3 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://www.kb.cert.org/vuls/id/677427 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Mailing List (string)

2 : Third Party Advisory (string)

]

url : http://seclists.org/fulldisclosure/2016/Nov/38 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94130 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : https://www.exploit-db.com/exploits/40805/ (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://www.kb.cert.org/vuls/id/677427 (string)

}

]

sourceIdentifier : cret@cert.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-121 (string)

}

]

source : cret@cert.org (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object