CVE-2016-6563

Name: CVE-2016-6563
Creator: NVD / NIST
Published: 2018-07-13T20:29:01.003+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 79.95%

Last modified Jun 17, 2026

CVE-2016-6563 is a vulnerability of currently unknown severity. Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. EPSS estimates a 79.95% chance of exploitation in the next 30 days.

Description

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.

Metrics

EPSS Probability

79.95%

99.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dlink	Dir-823 Firmware	All versions
Dlink	Dir-822 Firmware	All versions
Dlink	Dir-818l\(W\) Firmware	All versions
Dlink	Dir-895l Firmware	All versions
Dlink	Dir-890l Firmware	All versions
Dlink	Dir-885l Firmware	All versions
Dlink	Dir-880l Firmware	All versions
Dlink	Dir-868l Firmware	All versions
Dlink	Dir-850l Firmware	All versions

References

http://seclists.org/fulldisclosure/2016/Nov/38Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/94130Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/40805/Exploit, Third Party Advisory, VDB Entry
https://www.kb.cert.org/vuls/id/677427Third Party Advisory, US Government Resource
http://seclists.org/fulldisclosure/2016/Nov/38Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/94130Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/40805/Exploit, Third Party Advisory, VDB Entry
https://www.kb.cert.org/vuls/id/677427Third Party Advisory, US Government Resource

Timeline

Published: Jul 13, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-6563?

How severe is CVE-2016-6563?

Severity scoring for CVE-2016-6563 is pending analysis. The EPSS model estimates a 79.95% probability of exploitation in the next 30 days.

How do I fix CVE-2016-6563?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-6563?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST