CVE-2016-6563 RCE flaw affects D-Link Routers, disable remote admin | Homeland Security Degrees
https://homelandsecurityedus.wordpress.com/2016/11/08/cve-2016-6563-rce-flaw-affects-d-link-routers-disable-remote-admin/
Carnegie-Mellon CERT warns of a flawed implementation of HNAP in D-Link routers (CVE-2016-6563) that could be exploited for remote code execution.
According to the Carnegie-Mellon CERT, the implementation of the Home Network Automation Protocol (HNAP) in D-Link routers is affected by a stack-based buffer overflow vulnerability tracked as CVE-2016-6563.
The flaw could be exploited by a remote, unauthenticated attacker to execute arbitrary code with root privileges.
“Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPa…
To learn more visit: Security Affairs