Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-5074

CWE-798 — Hard-coded Credentials5 documents5 sources

Severity

9.8CRITICAL

EPSS

92.6%

top 0.26%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

D-link D-view 8 Dlink D-view 8

Timeline

PublishedSep 20

Description

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDdlink/d-view_82.0.1.28

▶CVEListV5d-link/d-view_82.0.1.28

🔴Vulnerability Details

CVEList

Authentication Bypass in D-Link D-View 8↗2023-09-20

▶

GHSA

GHSA-q4wc-wj28-4hxh: Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2↗2023-09-20

▶

VulnCheck

D-Link d-view_8 Use of Hard-coded Credentials↗2023

▶

💥Exploits & PoCs

Nuclei

D-Link D-View 8 v2.0.1.28 - Authentication Bypass

▶