Vulnerability Note VU#553503
D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials.
The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:
CWE-294: Authentication Bypass by Capture-replay - CVE-2017-3191
A remote attacker may be able to obtain administrator credentials and access administrator functionality of the device.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|D-Link Systems, Inc.||Affected||25 Jan 2017||07 Mar 2017|
CVSS Metrics (Learn More)
Thanks to James Edge for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2017-3191 CVE-2017-3192
- Date Public: 15 Mar 2017
- Date First Published: 15 Mar 2017
- Date Last Updated: 24 Mar 2017
- Document Revision: 30
If you have feedback, comments, or additional information about this vulnerability, please send us email.