Vulnerability warning: D-Link router remote command execution

According to the CERT team at Carnegie Mellon University, D-Link routers have a stack buffer overflow vulnerability in their handling of the Home Network Automation Protocol (HNAP). The vulnerability can be exploited remotely, and unauthorized users can attack the router to gain root privileges.

When an HNAP login is performed, a malformed SOAP message causes the stack buffer to overflow. The vulnerable XML fields in the SOAP body are: Action, Username, LoginPassword, and Captcha.
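
A defensive check for the request described above, as an added example that is not part of the original advisory: it parses an HNAP Login SOAP body and flags oversized values in the four fields listed. The 128-byte limit, the function names and the sample request are assumptions constructed for illustration; the advisory does not state the buffer size.

```python
import xml.etree.ElementTree as ET

HNAP_NS = "http://purenetworks.com/HNAP1/"  # HNAP1 SOAP namespace
FIELDS = ("Action", "Username", "LoginPassword", "Captcha")  # fields named in the advisory
MAX_FIELD_LEN = 128  # assumed ceiling, not from the advisory; tune to legitimate traffic


def check_hnap_login(body: bytes, max_len: int = MAX_FIELD_LEN) -> list:
    """Return findings for one HTTP request body sent to the HNAP endpoint."""
    # SOAP messages must not carry a DTD; rejecting them early also keeps
    # entity-expansion input away from the parser used by this check.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return ["DTD in SOAP body"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        # A malformed message is itself worth logging for this vulnerability.
        return [f"unparseable XML: {exc}"]
    login = root.find(f".//{{{HNAP_NS}}}Login")
    if login is None:
        return []  # not a Login request
    findings = []
    for name in FIELDS:
        for el in login.iter(f"{{{HNAP_NS}}}{name}"):
            size = len("".join(el.itertext()).encode("utf-8"))
            if size > max_len:
                findings.append(f"{name}: {size} bytes exceeds {max_len}")
    return findings


def sample_login(username: str) -> bytes:
    """Constructed sample Login request (not captured traffic)."""
    return (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        f'<soap:Body><Login xmlns="{HNAP_NS}">'
        "<Action>request</Action>"
        f"<Username>{username}</Username>"
        "<LoginPassword></LoginPassword><Captcha></Captcha>"
        "</Login></soap:Body></soap:Envelope>"
    ).encode("utf-8")


if __name__ == "__main__":
    print(check_hnap_login(sample_login("admin")))
    print(check_hnap_login(sample_login("A" * 600)))
```

The same length check can run in a reverse proxy or IDS rule in front of the router's management interface, which should not be reachable from untrusted networks in the first place.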

Affected router models:

  • DIR-823
  • DIR-822
  • DIR-818L(W)
  • DIR-895L
  • DIR-890L
  • DIR-885L
  • DIR-880L
  • DIR-868L

You can use Metasploit to exploit this vulnerability.

POC