US-CERT reported that the D-Link DIR-130 and DIR-330 routers are vulnerable to authentication bypass of the remote login page and the devices do not sufficiently protect administrator credentials.
The vulnerabilities in the D-Link DIR-130 (firmware version 1.23) and DIR-330 (firmware version 1.12) are tracked as CVE-2017-3191 and CVE-2017-3192.
The former issue allows a remote attacker to reach the remote management login page and manipulate a POST request to gain access to administrator-only pages. The latter vulnerability is that the tools_admin.asp page discloses the administrator password in base64 encoding, which is an encoding rather than a protection and is trivially reversed. When this flaw is exploited in conjunction with CVE-2017-3191, the attacker can obtain the router's administrator credentials.
D-Link was notified of the issue on January 25, but CERT stated it is unaware of a solution. One possible workaround is for users to disable remote administration.