D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.

Related CVEs

CVE-2017-3192

Key Information

GHSA ID

GHSA-29rr-mhwv-g7pr

Published

May 13, 2022 1:36 AM

Last Modified

April 20, 2025 3:50 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.