Vulnerability: Administrator Credentials Disclosure in D-Link DIR-130 and DIR-330

Vulnerability: Administrator Credentials Disclosure in D-Link DIR-130 and DIR-330

CVE-2017-3192 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

Learn more about our Web App Pen Testing.