VDB
CVE-2017-3192
CVE-2017-3192
PUBLISHED
CVSS 5 MEDIUM
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
EPSS 27.69% · 96.5th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
27.69%
96.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| d-link | dir-130_firmware | 1.23 |
| D-Link | DIR-330 | 1.12 |
| d-link | dir-330_firmware | 1.12 |
| D-Link | DIR-130 | 1.23 |
Timeline
- Mar 15, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Mar 26, 2023 EPSS Score
- May 8, 2023 EPSS Score
References
- VU#553503 third-party-advisory
- https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/ url
- https://exchange.xforce.ibmcloud.com/vulnerabilities/123292 url
- https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/ url
- https://nvd.nist.gov/vuln/detail/CVE-2017-3192 advisory
- https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553 url
- https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703 url