Routers HNAP Service Stack-Based Buffer Overflow Vulnerability
10 November, 2016
Overview
The security research firm dbappsecurity notified D-Link of a theoretical buffer overflow vulnerability that was discovered using emulator software. D-Link immediately began work to verify the existence of the issue, but was unable to replicate it on the physical product. Regardless, to eliminate the potential risk, we have released firmware patches for the related products, which were sent to dbappsecurity for validation. These firmware patches also resolve the recently published CERT record reported by Pedro Ribeiro.
Referencing: CWE-121, CVE-2016-6563, VU#677427
- DIR-890L H/W vers. A1
- DIR-880L H/W vers. A1
- DIR-879 H/W vers. A1
- DIR-869 H/W vers. A1
- DIR-868L H/W vers. B1
- DIR-868L H/W vers. A1
- DIR-859 H/W vers. A1
- DIR-818LW H/W vers. B1
General Recommendations
Immediately update to the fixed firmware referenced in the list below.