21 matches found
D-Link D-View 8 v2.0.1.28 - Authentication Bypass
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 id: CVE-2023-5074 info: name: D-Link D-View 8 v2.0.1.28 - Authentication Bypass author: DhiyaneshDK severity: critical description: | Use of a static key t...
CVE-2026-23754 D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...
CVE-2026-23755 D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...
EUVD-2026-3606
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...
PT-2026-3842
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credenti...
PT-2026-3843
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...
CVE-2023-7163 D-Link D-View 8 Unauthenticated Probe-Core Server Communication
A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the...
CVE-2023-7163
The CVE-2023-7163 issue affects D-Link D-View 8, versions 2.0.2.89 and earlier. The root cause described across sources is manipulation of the probe inventory in the D-View service, enabling an attacker to disclose information from other probes, cause denial-of-service when the inventory becomes ...
D-Link D-View 8 Hard-coded JWT Key (CVE-2023-5074)
Binary data dlinkdview8staticjwtkey.nbin...
D-Link D-View 8 Web Server Detection
Binary data dlinkdview8webserverdetect.nbin...
The vulnerability of the addDv7Probe function in the D-View 8 network device management platform allows a hacker to gain unauthorized access to protected information.
The vulnerability of the addDv7Probe function in the D-View 8 network device management platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
CVE-2023-5074
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...
Authentication flaw
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...
CVE-2023-5074
CVE-2023-5074 affects D-Link D-View 8, specifically version 2.0.1.28, where a static key protects the JWT used for user authentication. This design enables an authentication bypass risk by forging or manipulating tokens, effectively allowing unauthorized access to D-View 8 systems. The relevant c...
CVE-2023-5074 Authentication Bypass in D-Link D-View 8
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...
CVE-2023-5074 Authentication Bypass in D-Link D-View 8
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...
D-Link D-View 8 Trust Management Issue Vulnerability
D-Link D-View is a web-based design network device management software from China AUO D-Link. A security vulnerability exists in D-Link D-View version 8 v2.0.1.28, which stems from the use of a static key to protect the JWT token, resulting in an authentication bypass vulnerability...
PT-2023-5389 · D Link · D-Link D-View 8
Name of the Vulnerable Software and Affected Versions: D-Link D-View 8 version 2.0.1.28 Description: The issue is related to the use of a static key for protecting JWT tokens in user authentication, which can allow an attacker to bypass security restrictions and gain unauthorized access to...
D-Link D-View 8 Path Traversal RCE (CVE-2023-32165)
Binary data dlinkdview8cve-2023-32165.nbin...
D-Link D-View 8 Probe Server Detection
Binary data dlinkdview8probedetect.nbin...