D-Link DIR model router's Home Network Administration Protocol (HNAP) service contains a stack-based buffer overflow that has not been patched by the manufacturer.The flaw, listed under CVE-2016-6563, and spotted by Pedro Ribeiro, at Agile Information Security, can allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. The buffer overflow in the stack occurs when the router processes a malformed simple object access protocol (SOAP) messages when performing the HNAP login function.
“The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha,” wrote Trent Novelly, on the Carnegie Mellon University Vulnerability Notes Database.
There is no solution available yet from D-Link, but Novelly suggested disabling remote administration of the router as a possible solution.
D-Link has not responded to an SC Media request for more information.