US-CERT said the routers are vulnerable to authentication bypass of the remote login page.

US-CERT reported that the D-Link DIR-130 and DIR-330 routers are vulnerable to authentication bypass of the remote login page, and that the devices do not sufficiently protect administrator credentials.

The vulnerabilities in the D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are tracked as CVE-2017-3191 and CVE-2017-3192.

The former issue, CVE-2017-3191, allows a remote attacker who can reach the remote management login page to manipulate a POST request and gain access to administrator-only pages without authenticating. The latter, CVE-2017-3192, is that the tools_admin.asp page discloses the administrator password in base64 encoding, which is trivially reversible and offers no protection. Exploited in conjunction with CVE-2017-3191, it lets the attacker obtain the router's administrator credentials.
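The point of the second issue is that base64 is an encoding, not encryption: anyone who can fetch the page recovers the plaintext. The following is an added example, not code from the advisory or from D-Link, that audits an admin page's form fields for base64-encoded values and decodes them. The sample markup and the field names (admin_pw, csrf_token, remote_admin) are constructed placeholders, not the real DIR-130/DIR-330 page.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Constructed sample of a router admin page that embeds a base64-encoded
# credential in a hidden form field. Field names are hypothetical
# placeholders, not the real DIR-130/DIR-330 markup.
SAMPLE_ADMIN_PAGE = """
<html><body>
<form method="POST" action="/tools_admin.asp">
  <input type="text" name="admin_name" value="admin">
  <input type="hidden" name="admin_pw" value="cGFzc3dvcmQxMjM=">
  <input type="hidden" name="csrf_token" value="9f3a1c">
  <input type="checkbox" name="remote_admin" value="1" checked>
</form>
</body></html>
"""


class _InputCollector(HTMLParser):
    """Collects (name, value) pairs from every <input> tag in the page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        a = dict(attrs)
        if a.get("name") is not None and a.get("value") is not None:
            self.fields.append((a["name"], a["value"]))


# Strict base64 alphabet with optional padding at the end only.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def decode_if_base64(value):
    """Return the decoded text if `value` is well-formed base64 that decodes
    to printable UTF-8 text; otherwise return None.

    Length must be a multiple of 4 and at least 4, which filters out short
    plain strings such as "admin" or "1" that happen to use base64 characters.
    """
    if len(value) < 4 or len(value) % 4 != 0 or not _B64_RE.match(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if not text.isprintable():
        return None
    return text


def find_encoded_fields(html):
    """Return a list of (field_name, encoded_value, decoded_value) for every
    form field whose value decodes as base64 text. A credential showing up
    here is exposed to anyone who can fetch the page, exactly the failure
    CVE-2017-3192 describes."""
    parser = _InputCollector()
    parser.feed(html)
    hits = []
    for name, value in parser.fields:
        decoded = decode_if_base64(value)
        if decoded is not None:
            hits.append((name, value, decoded))
    return hits


if __name__ == "__main__":
    for name, enc, dec in find_encoded_fields(SAMPLE_ADMIN_PAGE):
        print(f"field {name!r} carries base64 {enc!r} -> plaintext {dec!r}")
```

Run against a page saved from a device you own; any hit in a hidden field is a credential disclosure to every client that can load that page, whether or not the page was meant to be admin-only.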

D-Link was notified of the issues on January 25, but CERT stated it is unaware of a fix. One workaround is to disable remote administration, which removes WAN exposure of the login page.