D-Link D-View 8 vulnerabilities

CVE-2026-23755 [HIGH] CWE-427 CVE-2026-23755: D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in th D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, whe

CVE-2026-23754 [HIGH] CWE-639 CVE-2026-23754: D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in bac D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentica

CVE-2023-7163 [CRITICAL] CWE-20 CVE-2023-7163: A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manip A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes.

CVE-2023-5074 [CRITICAL] CWE-798 CVE-2023-5074: Use of a static key to protect a JWT token used in user authentication can allow an for an authentic Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28