Executive Summary

Title D-Link routers HNAP service contains stack-based buffer overflow
Name VU#677427 First vendor Publication 2016-11-07
Vendor VU-CERT Last vendor Modification 2016-11-10
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#677427

D-Link routers HNAP service contains stack-based buffer overflow

Original Release date: 07 Nov 2016 | Last revised: 10 Nov 2016


D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action.


CWE-121: Stack-based Buffer Overflow - CVE-2016-6563

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha.

CVE-2016-6563 appears to affect:

  • DIR-823
  • DIR-822
  • DIR-818L(W)
  • DIR-895L
  • DIR-890L
  • DIR-885L
  • DIR-880L
  • DIR-868L


A remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.


Apply an update
D-Link has released firmware updates to address the vulnerabilities in affected routers. Please see their announcement.
If you are unable to update your device, please see the following workarounds:

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks. Additionally, you may wish to disable remote administration of the router.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
D-Link Systems, Inc.Affected12 Sep 201627 Oct 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)



  • http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10066
  • https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt
  • https://cwe.mitre.org/data/definitions/121.html


Thanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

  • CVE IDs:CVE-2016-6563
  • Date Public:07 Nov 2016
  • Date First Published:07 Nov 2016
  • Date Last Updated:10 Nov 2016
  • Document Revision:18


If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/677427

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1

Snort® IPS/IDS

Date Description
2016-12-13 D-Link DIR Series Routers HNAP stack buffer overflow attempt
RuleID : 40750 - Revision : 2 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-05-23 13:17:15
  • Multiple Updates
2018-09-10 21:24:27
  • Multiple Updates
2018-07-14 00:21:04
  • Multiple Updates
2016-11-11 00:22:29
  • Multiple Updates
2016-11-08 21:23:50
  • Multiple Updates
2016-11-08 00:21:52
  • Multiple Updates
2016-11-07 17:21:34
  • First insertion