D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
[
{
"product": "DIR-130",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.23"
}
]
},
{
"product": "DIR-330",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.12"
}
]
}
]