VYPR
Unrated severityNVD Advisory· Published Jan 21, 2026· Updated Mar 5, 2026

D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path

CVE-2026-23755

Description

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dlink/D-Viewllm-fuzzy2 versions
    <=2.0.1.107+ 1 more
    • (no CPE)range: <=2.0.1.107
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.