According to the CERT team at Carnegie Mellon University, D-Link routers have a stack buffer overflow vulnerability in their implementation of the Home Network Automation Protocol (HNAP). The vulnerability can be exploited remotely, and unauthorized users can attack the router to gain root privileges.


When an HNAP login is performed, a malformed SOAP message causes a stack buffer to overflow. The vulnerable XML fields in the SOAP body are: Action, Username, LoginPassword, Captcha.
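For detection, a proxy or log pipeline that sees decoded HNAP request bodies can flag Login messages whose fields are abnormally long. The following is an added example, not code from CERT or D-Link; the 128-character threshold, the function names and the sample envelope layout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Fields the page names as overflow-prone in the HNAP Login SOAP body.
LOGIN_FIELDS = ("Action", "Username", "LoginPassword", "Captcha")
# Assumed alerting threshold, not a value from the advisory: tune it to the
# longest legitimate value seen on your own network.
MAX_FIELD_LEN = 128


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def inspect_hnap_login(body, max_len=MAX_FIELD_LEN):
    """Return a list of findings for one decoded HTTP request body (str)."""
    if "<!DOCTYPE" in body.upper():
        # A login request has no reason to carry a DTD; do not parse it.
        return ["DTD present in SOAP body"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ["unparseable XML"]
    findings = []
    for login in (e for e in root.iter() if local_name(e.tag) == "Login"):
        for child in login:
            name = local_name(child.tag)
            length = len(child.text or "")
            if name in LOGIN_FIELDS and length > max_len:
                findings.append(f"{name} is {length} chars (limit {max_len})")
    return findings


def make_sample(username):
    """Constructed Login body for testing the check (not captured traffic)."""
    return ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
            '<soap:Body><Login xmlns="http://purenetworks.com/HNAP1/">'
            '<Action>request</Action>'
            f'<Username>{username}</Username>'
            '<LoginPassword></LoginPassword><Captcha></Captcha>'
            '</Login></soap:Body></soap:Envelope>')


if __name__ == "__main__":
    for sample in (make_sample("Admin"), make_sample("A" * 4096)):
        print(inspect_hnap_login(sample) or "ok")
```

A request that fails to parse is reported rather than ignored, since the device's own parser may still try to process it.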

Affected router models:

  • DIR-823
  • DIR-822
  • DIR-818L(W)
  • DIR-895L
  • DIR-890L
  • DIR-885L
  • DIR-880L
  • DIR-868L

You can use Metasploit to exploit this vulnerability.

POC