Routers HNAP Service Stack-Based Buffer Overflow Vulnerability

10 marraskuuta, 2016

Overview

The security research firm, dbappsecurity, notified D-Link of a theoretical buffer overflow vulnerability which was discovered using an emulator software. D-Link immediately began work on verifying the existence of the issue, yet was unable to replicate it on the physical product. Regardless, to eliminate the potential risk, we have released firmware patches to related product that were sent to dbappsecurity for validation. These firmware patches also resolve the recently published CERT record reported by Pedro Ribeiro.

Referencing: CWE-121 CVE-2016-6563 VU#677427

CERT Record :: Details Here

Affected Devices:

DIR-890L H/W vers. A1
DIR-880L H/W vers. A1
DIR-879 H/W vers. A1
DIR-869 H/W vers. A1
DIR-868L H/W vers. B1
DIR-868L H/W vers. A1
DIR-859 H/W vers. A1
DIR-818LW H/W vers. B1

General Recommendations

Immediately update to the fixed firmware referenced in the list below.

DIR-890L H/W vers. A1 F/W v1.11b01
DIR-880L H/W vers. A1 F/W v1.08b04
DIR-879 H/W vers. A1 F/W v1.04b01
DIR-869 H/W vers. A1 F/W v1.03b02
DIR-868L H/W vers. B1 F/W v2.05b02
DIR-868L H/W vers. A1 F/W v1.12b04
DIR-859 H/W vers. A1 F/W v1.06b01
DIR-818LW H/W vers. B1 F/W v2.05b08

Routers HNAP Service Stack-Based Buffer Overflow Vulnerability

Always be the first to know

Sign up to our newsletter and stay up to date