10
CVE-2016-6563
- EPSS 87.97%
- Veröffentlicht 13.07.2018 20:29:01
- Zuletzt bearbeitet 21.11.2024 02:56:21
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginProcessing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dlink ≫ Dir-823 Firmware Version-
Dlink ≫ Dir-822 Firmware Version-
Dlink ≫ Dir-818l(w) Firmware Version-
Dlink ≫ Dir-895l Firmware Version-
Dlink ≫ Dir-890l Firmware Version-
Dlink ≫ Dir-885l Firmware Version-
Dlink ≫ Dir-880l Firmware Version-
Dlink ≫ Dir-868l Firmware Version-
Dlink ≫ Dir-850l Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 87.97% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).