PT-2017-15702 · D-Link · D-Link Dir-330 +1
Ronjor · Published 2017-12-15 · Updated 2023-04-26
CVE-2017-3192
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-130 version 1.23
D-Link DIR-330 version 1.12
Description
The issue concerns insufficient protection of administrator credentials. Specifically, the tools_admin.asp page returns the administrator password in base64 encoding, allowing a remote attacker with access to this page to obtain administrator credentials. Access to the page could potentially be gained through an authentication bypass.
Recommendations
For D-Link DIR-130 version 1.23, consider restricting access to the tools_admin.asp page until a fix is available.
For D-Link DIR-330 version 1.12, avoid using the administrator credentials in the affected page until the issue is resolved.
As a temporary workaround, consider disabling access to the tools_admin.asp page to minimize the risk of exploitation.
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
D-Link Dir-130
D-Link Dir-330