Vulnerability Note VU#553503
D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Original Release date: 15 Mar 2017 | Last revised: 24 Mar 2017
The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials.
The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:
CWE-294: Authentication Bypass by Capture-replay – CVE-2017-3191
A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
CWE-522: Insufficiently Protected Credentials – CVE-2017-3192
The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page.
A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
D-Link has confirmed these issues to the CERT/CC.
Other D-Link models may be affected by these issues, but were not tested by the reporter or the CERT/CC.
CERT/CC has received a report that the DIR-655 may also be impacted, but has not verified it at this time.
A remote attacker may be able to obtain administrator credentials and access administrator functionality of the device.
The CERT/CC is currently unaware of a practical solution to this problem.
Affected users may consider the following workaround:
As a general good security practice, only allow connections from trusted hosts and networks.
Additionally, you may wish to disable remote administration of the router.
Vendor Information (Learn More)
VendorStatusDate NotifiedDate UpdatedD-Link Systems, Inc.Affected25 Jan 201707 Mar 2017If you are a vendor and your product is affected, let
CVSS Metrics (Learn More)
Thanks to James Edge for reporting this vulnerability.
This document was written by Garret Wassermann.
15 Mar 2017
Date First Published:
15 Mar 2017
Date Last Updated:
24 Mar 2017
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.