Lucene search
K
DlinkD-view 8

19 matches found

CVE
CVE
added 2023/09/20 3:32 p.m.2517 views

CVE-2023-5074

CVE-2023-5074 affects D-Link D-View 8, specifically version 2.0.1.28, where a static key protects the JWT used for user authentication. This design enables an authentication bypass risk by forging or manipulating tokens, effectively allowing unauthorized access to D-View 8 systems. The relevant c...

9.8CVSS9.7AI score0.67914EPSS
In wild
CVE
CVE
added 2024/05/23 9:29 p.m.86 views

CVE-2024-5296

CVE-2024-5296 concerns D-Link D-View, where the TokenUtils class uses a hard-coded cryptographic key, enabling remote authentication bypass on affected installations. Multiple sources (ZDI advisory ZDI-24-447, NVD entry) describe the flaw as a hard-coded key leading to authentication bypass, with...

9.8CVSS9.7AI score0.01124EPSS
CVE
CVE
added 2024/05/23 9:30 p.m.82 views

CVE-2024-5297

The CVE-2024-5297 issue affects D-Link D-View with a flaw in the executeWmicCmd method. The vulnerability stems from insufficient validation of a user-supplied string before it is used to perform a system call, allowing an attacker to execute code with root privileges on affected installations. A...

8.8CVSS9.2AI score0.01929EPSS
CVE
CVE
added 2024/05/23 9:30 p.m.80 views

CVE-2024-5298

Affected product : D-Link D-View. Vulnerability : Remote Code Execution via the exposed dangerous method in the queryDeviceCustomMonitorResult function. The flaw allows an attacker to execute code in the context of root. Although authentication is required, the authentication mechanism can be byp...

8.8CVSS9.2AI score0.01847EPSS
CVE
CVE
added 2024/05/03 2:13 a.m.74 views

CVE-2023-44414

CVE-2023-44414 affects D-Link D-View, exposing the coreservice_action_script action where a dangerous function is unintentionally exposed. The flaw permits remote code execution with SYSTEM privileges and requires no authentication, over the network. This aligns with ZDI-23-1512 and NVD/NVD-deriv...

9.8CVSS9.8AI score0.02353EPSS
CVE
CVE
added 2024/05/23 9:30 p.m.73 views

CVE-2024-5299

The CVE-2024-5299 entry concerns D-Link D-View, a web-based network device management software. The flaw resides in the execMonitorScript method, due to an exposed dangerous method, enabling remote code execution. Attackers can execute code in the context of root; the advisory notes that authenti...

8.8CVSS9.2AI score0.01819EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.66 views

CVE-2023-32169

Summary: CVE-2023-32169 affects D-Link D-View. The issue is a flaw in the TokenUtils class caused by a hard-coded cryptographic key, enabling remote attackers to bypass authentication on affected installations. The vulnerability allows authentication bypass without user interaction and presents a...

9.8CVSS9.7AI score0.56064EPSS
CVE
CVE
added 2024/05/03 2:13 a.m.65 views

CVE-2023-44413

CVE-2023-44413 affects D-Link D-View, specifically the shutdown_coreserver action. The flaw is due to a lack of authentication before accessing this functionality, enabling unauthenticated remote users to cause a denial-of-service condition via network access. Public references describe the explo...

7.5CVSS5.8AI score0.01489EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.63 views

CVE-2023-32164

D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure (CVE-2023-32164) involves the TftpSendFileThread class, where a user-supplied path is not properly validated before file operations. This allows remote attackers to disclose sensitive information in the SYSTEM context wit...

7.5CVSS7.1AI score0.8487EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.63 views

CVE-2023-32165

D-Link D-View is affected by a Directory Traversal in TftpReceiveFileHandler that enables Remote Code Execution. The flaw stems from insufficient validation of a user-supplied path before file operations, allowing an attacker to run code in the SYSTEM context without authentication. Documented im...

9.8CVSS9.8AI score0.73315EPSS
CVE
CVE
added 2024/05/03 2:13 a.m.63 views

CVE-2023-44411

CVE-2023-44411 covers a vulnerability in D-Link D-View where the flaw resides in the InstallApplication class, which contains a hard-coded password for the remotely reachable database. This allows a remote attacker to bypass authentication on affected installations, effectively compromising acces...

9.8CVSS9.6AI score0.02351EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.61 views

CVE-2023-32167

The CVE-2023-32167 entry concerns D-Link D-View’s uploadMib function, where improper validation of a user-supplied path enables directory traversal and arbitrary file creation/deletion in the SYSTEM context. The vulnerability requires authentication to exploit and is evidenced by multiple disclos...

6.5CVSS6.5AI score0.76504EPSS
CVE
CVE
added 2024/05/03 2:13 a.m.59 views

CVE-2023-44410

CVE-2023-44410 affects D-Link D-View. The vulnerability resides in the showUsers method, where insufficient authorization allows remote attackers to escalate privileges to otherwise protected resources. Exploitation requires authentication. Impact is described as privilege escalation with high se...

8.8CVSS8.8AI score0.01452EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.55 views

CVE-2023-32166

CVE-2023-32166 affects D-Link D‑View. The issue is in the uploadFile function, where user-supplied paths are not properly validated before file operations, enabling an attacker to traverse directories and create arbitrary files. The vulnerability allows file creation in the SYSTEM context and req...

8.1CVSS8AI score0.74302EPSS
CVE
CVE
added 2024/05/03 2:13 a.m.54 views

CVE-2023-44412

The CVE-2023-44412 issue affects D-Link D-View’s addDv7Probe function, where improper restriction of XML External Entity (XXE) references allows an unauthenticated attacker to cause the XML parser to access a crafted URI and embed its contents, enabling information disclosure in the SYSTEM contex...

8.2CVSS7.7AI score0.83681EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.48 views

CVE-2023-32168

CVE-2023-32168 affects D-Link D-View; flaw in showUser allows privilege escalation due to lack of proper authorization on a privileged endpoint. Exploitation appears to require network access with authentication; impact is escalation to resources normally protected. Connected sources discuss ZDI ...

8.8CVSS8.8AI score0.01633EPSS
CVE
CVE
added 2023/12/28 3:37 p.m.47 views

CVE-2023-7163

The CVE-2023-7163 issue affects D-Link D-View 8, versions 2.0.2.89 and earlier. The root cause described across sources is manipulation of the probe inventory in the D-View service, enabling an attacker to disclose information from other probes, cause denial-of-service when the inventory becomes ...

10CVSS9.4AI score0.01673EPSS
CVE
CVE
added 2026/01/21 6:2 p.m.17 views

CVE-2026-23754

CVE-2026-23754 affects D-Link D-View 8, versions 2.0.1.107 and earlier. The Red Hat, CIRCL, NVD, and CVE listings describe an improper access control vulnerability in backend API endpoints: any authenticated user can supply an arbitrary user_id to retrieve sensitive credential data belonging to o...

8.8CVSS5.7AI score0.00319EPSS
CVE
CVE
added 2026/01/21 6:2 p.m.15 views

CVE-2026-23755

CVE-2026-23755 affects D-Link D-View 8 installer, versions 2.0.1.107 and below. The vulnerability is an uncontrolled search path leading to DLL preloading: during installation, the process loads version.dll from its execution directory when run with elevated privileges via UAC, enabling attacker-...

8.4CVSS5.8AI score0.00141EPSS