D-Link Dir-130 Firmware vulnerabilities
2 known vulnerabilities affecting d-link/dir-130_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2017-3191P2CRITICALCVSS 9.8v1.232017-12-16
CVE-2017-3191 [CRITICAL] CWE-294 CVE-2017-3191: D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authenticat
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
nvd
CVE-2017-3192P2CRITICALCVSS 9.8v1.232017-12-16
CVE-2017-3192 [CRITICAL] CVE-2017-3192: D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect a
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain admi
nvd