Flaw makes Trendnet, D-Link routers vulnerable to remote attack
Flaw makes Trendnet, D-Link routers vulnerable to remote attack

D-Link DIR model router's Home Network Administration Protocol (HNAP) service contains a stack-based buffer overflow that has not been patched by the manufacturer.

The flaw, listed under CVE-2016-6563, and spotted by Pedro Ribeiro, at Agile Information Security, can allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. The buffer overflow in the stack occurs when the router processes a malformed simple object access protocol (SOAP) messages when performing the HNAP login function.

“The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha,” wrote Trent Novelly, on the Carnegie Mellon University Vulnerability Notes Database.

There is no solution available yet from D-Link, but Novelly suggested disabling remote administration of the router as a possible solution.

D-Link has not responded to an SC Media request for more information.