PT-2016-6637 · D Link · Dir-890L+9

Daniel Romero +1 · Published 2016-08-25 · Updated 2023-06-26 · CVE-2016-5681

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DIR-850L B1 versions 2.07 through 2.07WWB04
D-Link DIR-817 Ax version not specified
D-Link DIR-818LW Bx versions prior to 2.05b03beta03
D-Link DIR-822 C1 versions 3.01 through 3.01WWb01
D-Link DIR-823 A1 versions 1.00 through 1.00WWb04
D-Link DIR-895L A1 versions 1.11 through 1.11WWb03
D-Link DIR-890L A1 versions 1.09 through 1.09b13
D-Link DIR-885L A1 versions 1.11 through 1.11WWb06
D-Link DIR-880L A1 versions 1.07 through 1.07WWb07
D-Link DIR-868L B1 versions 2.03 through 2.03WWb00
D-Link DIR-868L C1 versions 3.00 through 3.00WWb00

Description

A stack-based buffer overflow issue exists in the dws/api/Login endpoint on certain D-Link devices, allowing remote attackers to execute arbitrary code via a long session cookie.

Recommendations

For D-Link DIR-850L B1 version 2.07, update to version 2.07WWB05 or later.
For D-Link DIR-817 Ax, update to a version that is not affected by this issue.
For D-Link DIR-818LW Bx versions prior to 2.05b03beta03, update to version 2.05b03beta03 or later.
For D-Link DIR-822 C1 versions 3.01 through 3.01WWb01, update to version 3.01WWb02 or later.
For D-Link DIR-823 A1 versions 1.00 through 1.00WWb04, update to version 1.00WWb05 or later.
For D-Link DIR-895L A1 versions 1.11 through 1.11WWb03, update to version 1.11WWb04 or later.
For D-Link DIR-890L A1 versions 1.09 through 1.09b13, update to version 1.09b14 or later.
For D-Link DIR-885L A1 versions 1.11 through 1.11WWb06, update to version 1.11WWb07 or later.
For D-Link DIR-880L A1 versions 1.07 through 1.07WWb07, update to version 1.07WWb08 or later.
For D-Link DIR-868L B1 versions 2.03 through 2.03WWb00, update to version 2.03WWb01 or later.
For D-Link DIR-868L C1 versions 3.00 through 3.00WWb00, update to version 3.00WWb01 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2016-5681

Affected Products

Dir-817
Dir-818Lw
Dir-822
Dir-823
Dir-850L
Dir-868L
Dir-880L
Dir-885L
Dir-890L
Dir-895L