D-Link DIR-130 and DIR-330 Administrator Certificate Vulnerability

The D-Link DIR-130 and DIR-330 are both wireless router products from AUO D-Link. A vulnerability exists in the D-Link DIR-130 with firmware version 1.23 a and the DIR-330 with firmware version 1.12, which stems from the program failing to adequately protect the administrator certificate. A remot...

CVE-2017-3192

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The toolsadmin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page potentially through a...

CVE-2017-3191

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages...

Authentication flaw

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages...

CVE-2017-3192

The CVE-2017-3192 issue affects D-Link DIR-130 (firmware 1.23) and DIR-330 (firmware 1.12). Public details confirm an authentication-related flaw where the tools_admin.asp page transmits the administrator password in base64, allowing a remote attacker with access to that page to potentially obtai...

CVE-2017-3191

CVE-2017-3191 affects D-Link DIR-130 (firmware 1.23) and DIR-330 (firmware 1.12); a POST manipulation on the remote management login page enables authentication bypass to access admin pages (e.g., tools_admin.asp) without credentials. Related CVE-2017-3192 covers credential exposure on tools_admi...

PT-2017-15702 · D Link · D-Link Dir-330 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-130 version 1.23 D-Link DIR-330 version 1.12 Description: The issue concerns insufficient protection of administrator credentials. Specifically, the tools admin.asp page returns the administrator password in base64 encoding, allowi...

PT-2017-15701 · D Link · D-Link Dir-330 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-130 version 1.23 D-Link DIR-330 version 1.12 Description: The issue allows a remote attacker to bypass authentication on the remote login page. By manipulating the POST request, an attacker can access administrator-only pages, such...

D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

Overview The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials. Description The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:CWE-294:...