cvedb.io
CVE-2016-6563
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-07-13T20:29:01.003 · Last modified 2026-06-17T00:51:23.423

Summary

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Affected products

dlink — dir-823_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when dlink ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.