Tuesday, November 8, 2016

CVE-2016-6563 RCE flaw affects D-Link Routers, disable remote admin

Carnegie-Mellon CERT warns of a flawed implementation of HNAP in D-Link routers (CVE-2016-6563) that could be exploited for remote code execution.

According to the Carnegie-Mellon CERT, the implementation of the Home Network Automation Protocol (HNAP) in D-Link routers is affected by a stack-based buffer overflow vulnerability tracked as CVE-2016-6563.

The flaw could be exploited by a remote, unauthenticated attacker to execute arbitrary code with root privileges.

“Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPa…
To learn more visit: Security Affairs

The post CVE-2016-6563 RCE flaw affects D-Link Routers, disable remote admin appeared first on Homeland Security Degrees.

http://www.homelandsecurityedus.org/homeland-security-news/cve-2016-6563-rce-flaw-affects-d-link-routers-disable-remote-admin/




from WordPress https://homelandsecurityedus.wordpress.com/2016/11/08/cve-2016-6563-rce-flaw-affects-d-link-routers-disable-remote-admin/
