The vulnerability of the addDv7Probe function in the D-View 8 network device management platform allows a hacker to gain unauthorized access to protected information.

🗓️ 17 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

The addDv7Probe flaw in D-View 8 allows unauthorized access due to extensible markup language external reference limits.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2023-44412	3 May 202403:15	–	attackerkb
CNNVD	D-Link D-View 安全漏洞	3 May 202400:00	–	cnnvd
CVE	CVE-2023-44412	3 May 202402:13	–	cve
Cvelist	CVE-2023-44412 D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability	3 May 202402:13	–	cvelist
EUVD	EUVD-2023-48752	3 Oct 202520:07	–	euvd
NVD	CVE-2023-44412	3 May 202403:15	–	nvd
OSV	CVE-2023-44412	3 May 202403:15	–	osv
Positive Technologies	PT-2023-6102 · D Link · D-Link D-View	4 Oct 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-44412 D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability	3 May 202402:13	–	vulnrichment
Zero Day Initiative	(0Day) D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability	4 Oct 202300:00	–	zdi

Source	Link
vuldb	www.vuldb.com/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-19571/
safe-surf	www.safe-surf.ru/upload/VULN-new/VULN.2023-10-06.1.pdf
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-1510/

17 Oct 2023 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 38.2

CVSS 28.5

EPSS0.83681

addDv7Probe flaw D-View 8 vulnerability extensible markup language external references unauthorized access network device management