CVE-2017-3192

CVE-2017-3192

Vendor D-Link
Product DIR-130
Weakness CWE-522 · Insufficiently protected credentials
Published December 15, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

Key dates

02Disclosure timeline

December 15, 2017 CVE published
August 5, 2024 Record updated