PT-2017-15701 · D Link · D-Link Dir-330+1
Ronjor · Published 2017-12-15 · Updated 2023-04-26 · CVE-2017-3191
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-130 version 1.23
D-Link DIR-330 version 1.12
Description
The issue allows a remote attacker to bypass authentication on the remote login page. By manipulating the POST request, an attacker can access administrator-only pages, such as tools_admin.asp, without credentials.
Recommendations
For D-Link DIR-130 version 1.23, update the firmware to a version that addresses the authentication bypass issue.
For D-Link DIR-330 version 1.12, update the firmware to a version that addresses the authentication bypass issue.
As a temporary workaround, consider restricting access to the remote management login page to minimize the risk of exploitation.
Fix
RCE
Related Identifiers
Affected Products
D-Link Dir-130
D-Link Dir-330