search menu icon-carat-right cmu-wordmark

CERT Coordination Center

D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

Vulnerability Note VU#553503

Original Release Date: 2017-03-15 | Last Revised: 2017-03-24


The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials.


The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:

CWE-294: Authentication Bypass by Capture-replay - CVE-2017-3191

A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.

CWE-522: Insufficiently Protected Credentials - CVE-2017-3192

The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

D-Link has confirmed these issues to the CERT/CC.

Other D-Link models may be affected by these issues, but were not tested by the reporter or the CERT/CC. CERT/CC has received a report that the DIR-655 may also be impacted, but has not verified it at this time.


A remote attacker may be able to obtain administrator credentials and access administrator functionality of the device.


The CERT/CC is currently unaware of a practical solution to this problem.

Affected users may consider the following workaround:

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks. Additionally, you may wish to disable remote administration of the router.

Vendor Information


D-Link Systems, Inc. Affected

Notified:  January 25, 2017 Updated: March 07, 2017

Statement Date:   March 03, 2017



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 10 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 9 E:POC/RL:U/RC:C
Environmental 6.7 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND



Thanks to James Edge for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-3191, CVE-2017-3192
Date Public: 2017-03-15
Date First Published: 2017-03-15
Date Last Updated: 2017-03-24 17:02 UTC
Document Revision: 31

Sponsored by CISA.