QwikSec

Security Database

CVE

CWE

Training

CVE-2017-3191

Published: Dec 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.

Vendor	Product	Versions
D-Link	DIR-130	affected `1.23`
D-Link	DIR-330	affected `1.12`

Weaknesses (CWE)

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123293

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/

x_refsource_MISC

https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.