Routers HNAP Service Stack-Based Buffer Overflow Vulnerability

10 November, 2016


The security research firm dbappsecurity notified D-Link of a theoretical buffer overflow vulnerability that was discovered using emulator software. D-Link immediately began work on verifying the existence of the issue, yet was unable to replicate it on the physical product. Regardless, to eliminate the potential risk, we have released firmware patches for the related products, which were sent to dbappsecurity for validation. These firmware patches also resolve the recently published CERT record reported by Pedro Ribeiro.

Referencing: CWE-121, CVE-2016-6563, VU#677427

CERT Record: VU#677427

Affected Devices:

  • DIR-890L H/W vers. A1
  • DIR-880L H/W vers. A1
  • DIR-879 H/W vers. A1
  • DIR-869 H/W vers. A1
  • DIR-868L H/W vers. B1
  • DIR-868L H/W vers. A1
  • DIR-859 H/W vers. A1
  • DIR-818LW H/W vers. B1

General Recommendations

Immediately update to the fixed firmware referenced in the list below.