D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/123293 | VDB Entry |
https://www.kb.cert.org/vuls/id/553503 | Issue Tracking Third Party Advisory US Government Resource |
https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/ | Press/Media Coverage |
https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/ | Issue Tracking Third Party Advisory |
Configurations
History
26 Apr 2023, 18:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:d-link:dir-330:-:*:*:*:*:*:*:* |
cpe:2.3:h:dlink:dir-130:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-330:-:*:*:*:*:*:*:* |
Information
Published : 2017-12-16 02:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-3191
Mitre link : CVE-2017-3191
CVE.ORG link : CVE-2017-3191
JSON object : View
Products Affected
dlink
- dir-130
- dir-330
d-link
- dir-130_firmware
- dir-330_firmware