D-Link DIR model router’s Home Network Administration Protocol (HNAP) service contains a stack-based buffer overflow that has not been patched by the manufacturer.
The flaw, listed under CVE-2016-6563, and spotted by Pedro Ribeiro, at Agile Information Security, can allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. The buffer overflow in the stack occurs when the router processes a malformed simple object access protocol (SOAP) messages when performing the HNAP login function.
“The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha,” wrote Trent Novelly, on the Carnegie Mellon University Vulnerability Notes Database.
There is no solution available yet from D-Link, but Novelly suggested disabling remote administration of the router as a possible solution.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.