The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following: CWE-294: Authentication Bypass by Capture-replay - CVE-2017-3191



A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.



CWE-522: Insufficiently Protected Credentials - CVE-2017-3192



The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.



D-Link has confirmed these issues to the CERT/CC.



Other D-Link models may be affected by these issues, but were not tested by the reporter or the CERT/CC. CERT/CC has received a report that the DIR-655 may also be impacted, but has not verified it at this time.