Executive Summary

Summary
Title D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Informations
NameVU#553503First vendor Publication2017-03-15
VendorVU-CERTLast vendor Modification2017-03-24
Severity (Vendor) N/ARevisionM

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#553503

D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials

Original Release date: 15 Mar 2017 | Last revised: 24 Mar 2017

Overview

The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials.

Description

The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:

CWE-294: Authentication Bypass by Capture-replay - CVE-2017-3191

A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.

CWE-522: Insufficiently Protected Credentials - CVE-2017-3192

The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

D-Link has confirmed these issues to the CERT/CC.

Other D-Link models may be affected by these issues, but were not tested by the reporter or the CERT/CC. CERT/CC has received a report that the DIR-655 may also be impacted, but has not verified it at this time.

Impact

A remote attacker may be able to obtain administrator credentials and access administrator functionality of the device.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Affected users may consider the following workaround:

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks. Additionally, you may wish to disable remote administration of the router.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
D-Link Systems, Inc.Affected25 Jan 201707 Mar 2017
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal9.0E:POC/RL:U/RC:C
Environmental6.7CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://cwe.mitre.org/data/definitions/294.html
  • http://cwe.mitre.org/data/definitions/522.html

Credit

Thanks to James Edge for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2017-3191CVE-2017-3192
  • Date Public:15 Mar 2017
  • Date First Published:15 Mar 2017
  • Date Last Updated:24 Mar 2017
  • Document Revision:30

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/553503

CWE : Common Weakness Enumeration

%idName
50 %CWE-255Credentials Management
50 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware1
Hardware1
Os1
Os1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2017-12-27 21:23:56
  • Multiple Updates
2017-12-16 09:23:30
  • Multiple Updates
2017-03-24 21:23:10
  • Multiple Updates
2017-03-15 17:22:54
  • First insertion