CVE-2026-23755

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...

CVE-2026-23754 D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...

PT-2023-32916

Name of the Vulnerable Software and Affected Versions D-Link D-View 8 versions 2.0.2.89 and prior Description A security issue exists that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial ...

VulnCheck KEV: CVE-2023-5074

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...

The vulnerability of the coreservice_action_script function in the D-View 8 network device management platform allows a hacker to execute arbitrary code.

The vulnerability of the coreserviceactionscript function in the D-View 8 network device management platform is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the Shutdown_coreserver component in the D-View 8 network device management platform allows a intruder to trigger a service failure.

The vulnerability of the Shutdowncoreserver component in the D-View 8 network device management platform is related to the lack of authentication before granting access to functions. Exploiting this vulnerability could allow a intruder to cause a service failure...

The vulnerability of the InstallApplication class in the D-View 8 network device management platform allows a perpetrator to bypass authentication.

The vulnerability of the InstallApplication class in the D-View 8 network device management platform is related to the use of pre-installed credentials. Exploiting this vulnerability allows a remote attacker to bypass authentication processes...

The vulnerability of the showUser method in the D-View 8 network device management platform allows a hacker to escalate their privileges.

The vulnerability of the “showUser” method in the D-View 8 network device management platform is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

The vulnerability of the D-View 8 network device management platform, which stems from the use of rigidly encrypted user credentials, allows a malicious actor to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the D-View 8 network device management platform lies in the use of a static key during the processing of JWT tokens. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...

The vulnerability of the TftpSendFileThread component in the D-View 8 network device management platform allows a hacker to disclose protected information.

The vulnerability of the TftpSendFileThread component in the D-View 8 network device management platform is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a remote attacker to disclose the protected information...

The vulnerability of the uploadMib function in the D-View 8 network device management platform allows a hacker to delete any files they desire.

The vulnerability of the uploadMib function in the D-View 8 network device management platform is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to delete any files they desire...

The vulnerability of the TftpReceiveFileHandler component in the D-View 8 network device management platform allows a hacker to execute arbitrary code within the kernel context.

The vulnerability of the TftpReceiveFileHandler component in the D-View 8 network device management platform is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code within the kerne...

The vulnerability of the showUser method in the D-View 8 network device management platform allows a hacker to escalate their privileges.

The vulnerability of the showUser method in the D-View 8 network device management platform is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

The vulnerability of the uploadFile function in the D-View 8 network device management platform allows a hacker to create arbitrary files.

The vulnerability of the uploadFile function in the D-View 8 network device management platform is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to create arbitrary files remotely...