D-Link D-View vulnerabilities
15 known vulnerabilities affecting d-link/d-view.
Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 9, MEDIUM 1
Vulnerabilities
CVE-2024-5296 | CRITICAL | CVSS 9.8 | CWE-321 | version 2.0.1.28 | 2024-05-23
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TokenUtils class. The issue results from a hard-coded
cvelistv5, nvd
CVE-2024-5299 | HIGH | CVSS 8.8 | CWE-749 | version 2.0.1.28 | 2024-05-23
D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists
cvelistv5, nvd
CVE-2024-5297 | HIGH | CVSS 8.8 | CWE-78 | version 2.0.1.28 | 2024-05-23
D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the
cvelistv5, nvd
CVE-2024-5298 | HIGH | CVSS 8.8 | CWE-749 | version 2.0.1.28 | 2024-05-23
D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific
cvelistv5, nvd
CVE-2023-32169 | CRITICAL | CVSS 9.8 | CWE-321 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TokenUtils class. The issue results from a hard-cod
cvelistv5, nvd
CVE-2023-32165 | CRITICAL | CVSS 9.8 | CWE-22 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TftpReceiveFileHandler class. The issue resu
cvelistv5, nvd
CVE-2023-44414 | CRITICAL | CVSS 9.8 | CWE-749 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the coreservice_action_script action.
cvelistv5, nvd
CVE-2023-44411 | CRITICAL | CVSS 9.8 | CWE-798 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the InstallApplication class. The class con
cvelistv5, nvd
CVE-2023-32166 | HIGH | CVSS 8.1 | CWE-22 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability.
The specific flaw exists within the uploadFile function. The issue results from the lack of proper
cvelistv5, nvd
CVE-2023-44410 | HIGH | CVSS 8.8 | CWE-285 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability.
The specific flaw exists within the showUsers method. The issue results from the lack of proper autho
cvelistv5, nvd
CVE-2023-32168 | HIGH | CVSS 8.8 | CWE-285 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability.
The specific flaw exists within the showUser method. The issue results from the lack of proper authori
cvelistv5, nvd
CVE-2023-32164 | HIGH | CVSS 7.5 | CWE-22 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TftpSendFileThread class. The issue results
cvelistv5, nvd
CVE-2023-44412 | HIGH | CVSS 8.2 | CWE-611 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the addDv7Probe function. Due to the improp
cvelistv5, nvd
CVE-2023-44413 | HIGH | CVSS 7.5 | CWE-306 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the shutdown_coreserver action. The issue
cvelistv5, nvd
CVE-2023-32167 | MEDIUM | CVSS 6.5 | CWE-22 | version DLink D-View8 1.0.2.13 | 2024-05-03
D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability.
The specific flaw exists within the uploadMib function. The issue results f
cvelistv5, nvd