{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T02:36:56.892","vulnerabilities":[{"cve":{"id":"CVE-2016-6563","sourceIdentifier":"cret@cert.org","published":"2018-07-13T20:29:01.003","lastModified":"2024-11-21T02:56:21.790","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."},{"lang":"es","value":"El procesamiento de mensajes SOAP mal formados al realizar la acción de inicio de sesión HNAP provoca un desbordamiento de búfer en la pila en algunos routers D-Link DIR. Los campos XML vulnerables en el cuerpo SOAP son: Action, Username, LoginPassword y Captcha. Los siguientes productos se han visto afectados: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L y DIR-850L."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-823_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BCC02FC3-0BB2-41B4-9EDD-65AC1CE9AB5B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*","matchCriteriaId":"EC426833-BEA7-4029-BBBB-94688EE801BC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-822_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"10F0B001-DEDD-4B68-A63D-F68A8BAF9C1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*","matchCriteriaId":"B3894F0E-37F8-4A89-87AC-1DB524D4AE04"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-818l\\(w\\)_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4312D87E-181E-423A-90A1-C6F16AD58458"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-818l\\(w\\):-:*:*:*:*:*:*:*","matchCriteriaId":"3A208284-D9A8-4B97-A975-E7AF0D7110A0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-895l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2E62F905-D226-463C-8BA9-201E8B0165FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*","matchCriteriaId":"0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0BCCA2BB-4577-402C-88B5-F8E10770CA35"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*","matchCriteriaId":"B1EA89C7-4655-43A3-9D2B-D57640D56C09"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3441E49F-C21B-4B68-89AD-BD46E8D88638"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*","matchCriteriaId":"AD481B64-A25D-4123-B575-20EC3C524D9C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-880l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"52A89607-6CBB-4197-AF08-8A52FA73F703"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*","matchCriteriaId":"CC772491-6371-4712-B358-E74D9C5062FD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"26512943-D705-484D-B9EA-BF401606DFA3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*","matchCriteriaId":"33B501D4-BDDD-485E-A5A3-8AA8D5E46061"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-850l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E72B76AE-8D5C-4FAD-A7FC-303CB0670C98"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*","matchCriteriaId":"607DDB44-0E4E-4606-8909-B624345688D4"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2016/Nov/38","source":"cret@cert.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94130","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40805/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/677427","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://seclists.org/fulldisclosure/2016/Nov/38","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94130","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40805/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/677427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}