Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
4 vulnerabilities found for DIR-868L by D-Link
CVE-2026-3485 (GCVE-0-2026-3485)
Vulnerability from nvd – Published: 2026-03-03 21:02 – Updated: 2026-03-03 21:32 Unsupported When Assigned
VLAI?
Title
D-Link DIR-868L SSDP Service sub_1BF84 os command injection
Summary
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
9.8 (Critical)
9.8 (Critical)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
Xuhsy (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3485",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:32:35.283147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:32:41.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SSDP Service"
],
"product": "DIR-868L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "110b03"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Xuhsy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:02:10.454Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-348560 | D-Link DIR-868L SSDP Service sub_1BF84 os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.348560"
},
{
"name": "VDB-348560 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.348560"
},
{
"name": "Submit #764759 | D-Link dir-868I REVA1_FW110b03 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764759"
},
{
"tags": [
"exploit"
],
"url": "https://kn0sinna.notion.site/dlink-dir-868l-ssdp-command-injection-30eb1876cd6e80caa691de6fe5cab59c"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-03T16:28:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-868L SSDP Service sub_1BF84 os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3485",
"datePublished": "2026-03-03T21:02:10.454Z",
"dateReserved": "2026-03-03T15:23:23.561Z",
"dateUpdated": "2026-03-03T21:32:41.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-6563 (GCVE-0-2016-6563)
Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
VLAI?
Title
D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Date Public ?
2016-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40805",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-823",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-822",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-818L(W)",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-895L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-890L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-885L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-880L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-868L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-850L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2016-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "40805",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6563",
"STATE": "PUBLIC",
"TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIR-823",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-822",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-818L(W)",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-895L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-890L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-885L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-880L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-868L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-850L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40805",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6563",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:36:28.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-3485 (GCVE-0-2026-3485)
Vulnerability from cvelistv5 – Published: 2026-03-03 21:02 – Updated: 2026-03-03 21:32 Unsupported When Assigned
VLAI?
Title
D-Link DIR-868L SSDP Service sub_1BF84 os command injection
Summary
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
9.8 (Critical)
9.8 (Critical)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
Xuhsy (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3485",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T21:32:35.283147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:32:41.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SSDP Service"
],
"product": "DIR-868L",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "110b03"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Xuhsy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:02:10.454Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-348560 | D-Link DIR-868L SSDP Service sub_1BF84 os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.348560"
},
{
"name": "VDB-348560 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.348560"
},
{
"name": "Submit #764759 | D-Link dir-868I REVA1_FW110b03 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.764759"
},
{
"tags": [
"exploit"
],
"url": "https://kn0sinna.notion.site/dlink-dir-868l-ssdp-command-injection-30eb1876cd6e80caa691de6fe5cab59c"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-03T16:28:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-868L SSDP Service sub_1BF84 os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3485",
"datePublished": "2026-03-03T21:02:10.454Z",
"dateReserved": "2026-03-03T15:23:23.561Z",
"dateUpdated": "2026-03-03T21:32:41.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-6563 (GCVE-0-2016-6563)
Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
VLAI?
Title
D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Date Public ?
2016-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40805",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-823",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-822",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-818L(W)",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-895L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-890L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-885L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-880L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-868L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-850L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2016-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "40805",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6563",
"STATE": "PUBLIC",
"TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIR-823",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-822",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-818L(W)",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-895L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-890L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-885L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-880L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-868L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-850L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40805",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6563",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:36:28.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}