CVE-2017-3191

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.

Weakness

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/102.html
• https://cwe.mitre.org/data/definitions/509.html
• https://cwe.mitre.org/data/definitions/555.html
• https://cwe.mitre.org/data/definitions/561.html
• https://cwe.mitre.org/data/definitions/60.html
• https://cwe.mitre.org/data/definitions/644.html
• https://cwe.mitre.org/data/definitions/645.html
• https://cwe.mitre.org/data/definitions/652.html
• https://cwe.mitre.org/data/definitions/701.html
• https://cwe.mitre.org/data/definitions/94.html

References

• https://exchange.xforce.ibmcloud.com/vulnerabilities/123293
• https://www.kb.cert.org/vuls/id/553503
• https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/
• https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/
• https://exchange.xforce.ibmcloud.com/vulnerabilities/123293
• https://www.kb.cert.org/vuls/id/553503
• https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/
• https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/