D-Link D-View 8 vulnerabilities

19 known vulnerabilities affecting dlink/d-view_8.

Total CVEs: 19
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 11, MEDIUM 1

Vulnerabilities

CVE-2026-23754 | HIGH | CVSS 8.7 | ≤ 2.0.1.107 | 2026-01-21
CWE-639: D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentica
nvd
CVE-2026-23755 | HIGH | CVSS 8.4 | ≤ 2.0.1.107 | 2026-01-21
CWE-427: D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, whe
nvd
CVE-2024-5296 | CRITICAL | CVSS 9.8 | v2.0.1.28 | 2024-05-23
CWE-321: D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-coded
nvd
CVE-2024-5297 | HIGH | CVSS 8.8 | v2.0.1.28 | 2024-05-23
CWE-78: D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the
nvd
CVE-2024-5299 | HIGH | CVSS 8.8 | v2.0.1.28 | 2024-05-23
CWE-749: D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists
nvd
CVE-2024-5298 | HIGH | CVSS 8.8 | v2.0.1.28 | 2024-05-23
CWE-749: D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific
nvd
CVE-2023-44414 | CRITICAL | CVSS 9.8 | v1.0.2.13 | 2024-05-03
CWE-749: D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coreservice_action_script action.
nvd
CVE-2023-44411 | CRITICAL | CVSS 9.8 | v1.0.2.13 | 2024-05-03
CWE-798: D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class con
nvd
CVE-2023-32165 | CRITICAL | CVSS 9.8 | ≤ 2.0.1.27 | 2024-05-03
CWE-22: D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpReceiveFileHandler class. The issue resu
nvd
CVE-2023-32169 | CRITICAL | CVSS 9.8 | ≤ 2.0.1.27 | 2024-05-03
CWE-321: D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-cod
nvd
CVE-2023-32166 | HIGH | CVSS 8.1 | ≤ 2.0.1.27 | 2024-05-03
CWE-22: D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadFile function. The issue results from the lack of proper
nvd
CVE-2023-44410 | HIGH | CVSS 8.8 | v1.0.2.13 | 2024-05-03
CWE-285: D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUsers method. The issue results from the lack of proper autho
nvd
CVE-2023-32164 | HIGH | CVSS 7.5 | ≤ 2.0.1.27 | 2024-05-03
CWE-22: D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpSendFileThread class. The issue results
nvd
CVE-2023-32168 | HIGH | CVSS 8.8 | ≤ 2.0.1.27 | 2024-05-03
CWE-285: D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUser method. The issue results from the lack of proper authori
nvd
CVE-2023-44413 | HIGH | CVSS 7.5 | v1.0.2.13 | 2024-05-03
CWE-306: D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the shutdown_coreserver action. The issue
nvd
CVE-2023-44412 | HIGH | CVSS 8.2 | v1.0.2.13 | 2024-05-03
CWE-611: D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addDv7Probe function. Due to the improp
nvd
CVE-2023-32167 | MEDIUM | CVSS 6.5 | fixed in 2.0.1.89 | 2024-05-03
CWE-22: D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadMib function. The issue results f
nvd
CVE-2023-7163 | CRITICAL | CVSS 9.8 | v2.0.2.89 | 2023-12-28
CWE-20: A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes.
nvd
CVE-2023-5074 | CRITICAL | CVSS 9.8 | PoC | v2.0.1.28 | 2023-09-20
CWE-798: Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28
nvd
Dlink D-View 8 vulnerabilities | cvebase