VDB

CVE-2017-3192

CVE-2017-3192 PUBLISHED CVSS 5 MEDIUM

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

EPSS 27.69% · 96.5th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
27.69%
96.5th percentile

Affected Products

VendorProductVersions
d-linkdir-130_firmware1.23
D-LinkDIR-3301.12
d-linkdir-330_firmware1.12
D-LinkDIR-1301.23

Timeline

  • Mar 15, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Mar 26, 2023 EPSS Score
  • May 8, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›