Lucene search
K

21 matches found

Nuclei
Nuclei
added yesterday49 views

D-Link D-View 8 v2.0.1.28 - Authentication Bypass

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 id: CVE-2023-5074 info: name: D-Link D-View 8 v2.0.1.28 - Authentication Bypass author: DhiyaneshDK severity: critical description: | Use of a static key t...

9.8CVSS7AI score0.67914EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/21 6:2 p.m.4 views

CVE-2026-23754 D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...

8.7CVSS5.7AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/21 6:2 p.m.2 views

CVE-2026-23755 D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...

8.4CVSS5.8AI score0.00141EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 6:2 p.m.5 views

EUVD-2026-3606

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...

8.4CVSS5.8AI score0.00141EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.12 views

PT-2026-3842

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credenti...

8.7CVSS5.7AI score0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3843

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...

8.4CVSS5.8AI score0.00141EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/28 3:37 p.m.21 views

CVE-2023-7163 D-Link D-View 8 Unauthenticated Probe-Core Server Communication

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the...

10CVSS9.5AI score0.01673EPSS
Exploits1References1
CVE
CVE
added 2023/12/28 3:37 p.m.46 views

CVE-2023-7163

The CVE-2023-7163 issue affects D-Link D-View 8, versions 2.0.2.89 and earlier. The root cause described across sources is manipulation of the probe inventory in the D-View service, enabling an attacker to disclose information from other probes, cause denial-of-service when the inventory becomes ...

10CVSS9.4AI score0.01673EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.49 views

D-Link D-View 8 Hard-coded JWT Key (CVE-2023-5074)

Binary data dlinkdview8staticjwtkey.nbin...

9.8CVSS9.6AI score0.67914EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.14 views

D-Link D-View 8 Web Server Detection

Binary data dlinkdview8webserverdetect.nbin...

7.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/17 12:0 a.m.5 views

The vulnerability of the addDv7Probe function in the D-View 8 network device management platform allows a hacker to gain unauthorized access to protected information.

The vulnerability of the addDv7Probe function in the D-View 8 network device management platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

8.5CVSS7.5AI score0.83681EPSS
Exploits0References5
NVD
NVD
added 2023/09/20 4:15 p.m.24 views

CVE-2023-5074

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...

9.8CVSS9.7AI score0.67914EPSS
Exploits1References1
Prion
Prion
added 2023/09/20 4:15 p.m.23 views

Authentication flaw

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...

7.5CVSS9.6AI score0.67914EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/09/20 3:32 p.m.2517 views

CVE-2023-5074

CVE-2023-5074 affects D-Link D-View 8, specifically version 2.0.1.28, where a static key protects the JWT used for user authentication. This design enables an authentication bypass risk by forging or manipulating tokens, effectively allowing unauthorized access to D-View 8 systems. The relevant c...

9.8CVSS9.7AI score0.67914EPSS
In wildExploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/20 3:32 p.m.14 views

CVE-2023-5074 Authentication Bypass in D-Link D-View 8

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...

9.8CVSS7.2AI score0.67914EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/09/20 3:32 p.m.27 views

CVE-2023-5074 Authentication Bypass in D-Link D-View 8

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28...

9.8CVSS9.9AI score0.67914EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.8 views

D-Link D-View 8 Trust Management Issue Vulnerability

D-Link D-View is a web-based design network device management software from China AUO D-Link. A security vulnerability exists in D-Link D-View version 8 v2.0.1.28, which stems from the use of a static key to protect the JWT token, resulting in an authentication bypass vulnerability...

9.8CVSS7AI score0.67914EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.5 views

PT-2023-5389 · D Link · D-Link D-View 8

Name of the Vulnerable Software and Affected Versions: D-Link D-View 8 version 2.0.1.28 Description: The issue is related to the use of a static key for protecting JWT tokens in user authentication, which can allow an attacker to bypass security restrictions and gain unauthorized access to...

10CVSS8.2AI score0.67914EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.23 views

D-Link D-View 8 Path Traversal RCE (CVE-2023-32165)

Binary data dlinkdview8cve-2023-32165.nbin...

9.8CVSS9.7AI score0.73315EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.24 views

D-Link D-View 8 Probe Server Detection

Binary data dlinkdview8probedetect.nbin...

7.3AI score
Exploits0References1
Rows per page
Query Builder