CERTVU:553503D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.079 Low
EPSS
Percentile
94.3%
Overview
The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials.
Description
The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:
CWE-294**: Authentication Bypass by Capture-replay -**CVE-2017-3191
A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
CWE-522**: Insufficiently Protected Credentials**** -**CVE-2017-3192
The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
D-Link has confirmed these issues to the CERT/CC.
Other D-Link models may be affected by these issues, but were not tested by the reporter or the CERT/CC. CERT/CC has received a report that the DIR-655 may also be impacted, but has not verified it at this time.
Impact
A remote attacker may be able to obtain administrator credentials and access administrator functionality of the device.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Affected users may consider the following workaround:
Restrict Access
As a general good security practice, only allow connections from trusted hosts and networks. Additionally, you may wish to disable remote administration of the router.
Vendor Information
553503
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
D-Link Systems, Inc. Affected
Notified: January 25, 2017 Updated: March 07, 2017
Statement Date: March 03, 2017
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 9 | E:POC/RL:U/RC:C |
| Environmental | 6.7 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- <http://cwe.mitre.org/data/definitions/294.html>
- <http://cwe.mitre.org/data/definitions/522.html>
Acknowledgements
Thanks to James Edge for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2017-3191, CVE-2017-3192 |
|---|---|
| Date Public: | 2017-03-15 Date First Published: |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.079 Low
EPSS
Percentile
94.3%