CVE-2017-3191

Summary

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.

Affected Software

VendorProductVersion RangeStatus
D-LinkDIR-1301.23affected
D-LinkDIR-3301.12affected

Weaknesses

  • CWE-294: CWE-294: Authentication Bypass by Capture-replay

ADP Enrichment

CVE Program Container

Additional References

References