Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| dlink | dir-823_firmware | - | - |
| dlink | dir-822_firmware | - | - |
| dlink | dir-818l\(w\)_firmware | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9
Affected Products
8
References
dlink / dir-823_firmware
| - |
| dlink | dir-895l_firmware | - | - |
| dlink | dir-890l_firmware | - | - |
| dlink | dir-885l_firmware | - | - |
| dlink | dir-880l_firmware | - | - |
| dlink | dir-868l_firmware | - | - |
| dlink | dir-850l_firmware | - | - |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact