CVE-2017-3192

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

Date published : 2017-12-15

https://www.kb.cert.org/vuls/id/553503

https://exchange.xforce.ibmcloud.com/vulnerabilities/123292