D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

Overview

The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials.

Description

The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following: CWE-294: Authentication Bypass by Capture-replay - CVE-2017-3191 A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. CWE-522: Insufficiently Protected Credentials - CVE-2017-3192 The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. D-Link has confirmed these issues to the CERT/CC. Other D-Link models may be affected by these issues, but were not tested by the reporter or the CERT/CC.

Impact

A remote attacker may be able to obtain administrator credentials and access administrator functionality of the device.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. Affected users may consider the following workaround:

Restrict Access As a general good security practice, only allow connections from trusted hosts and networks. Additionally, you may wish to disable remote administration of the router.

Vendor Information (Learn More)

Vendor	Status	Date Notified	Date Updated
D-Link Systems, Inc.	Affected	25 Jan 2017	07 Mar 2017