Software Engineering Institute

CWE-121: Stack-based Buffer Overflow - CVE-2016-6563

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha.

CVE-2016-6563 appears to affect:

• DIR-823
• DIR-822
• DIR-818L(W)
• DIR-895L
• DIR-890L
• DIR-885L
• DIR-880L
• DIR-868L
• DIR-850L

A remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.

Apply an update
D-Link has released firmware updates to address the vulnerabilities in affected routers. Please see their announcement.
If you are unable to update your device, please see the following workarounds:

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks. Additionally, you may wish to disable remote administration of the router.