D-View
by Dlink
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-32165 | Cri | 0.70 | 9.8 | 0.73 | May 3, 2024 | D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The… | ||
| CVE-2023-5074 | Cri | 0.69 | 9.8 | 0.68 | Sep 20, 2023 | Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | ||
| CVE-2023-32169 | Cri | 0.68 | 9.8 | 0.56 | May 3, 2024 | D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw… | ||
| CVE-2023-7163 | Cri | 0.65 | 10.0 | 0.02 | Dec 28, 2023 | A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory… | ||
| CVE-2024-5296 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw… | ||
| CVE-2023-44414 | Cri | 0.64 | 9.8 | 0.02 | May 3, 2024 | D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. … | ||
| CVE-2023-44411 | Cri | 0.64 | 9.8 | 0.02 | May 3, 2024 | D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The… | ||
| CVE-2023-44412 | Hig | 0.60 | 8.2 | 0.84 | May 3, 2024 | D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. … | ||
| CVE-2023-32166 | Hig | 0.59 | 8.1 | 0.74 | May 3, 2024 | D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw… | ||
| CVE-2024-5299 | Hig | 0.57 | 8.8 | 0.02 | May 23, 2024 | D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the… | ||
| CVE-2024-5298 | Hig | 0.57 | 8.8 | 0.02 | May 23, 2024 | D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this… | ||
| CVE-2024-5297 | Hig | 0.57 | 8.8 | 0.02 | May 23, 2024 | D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing… | ||
| CVE-2023-44410 | Hig | 0.57 | 8.8 | 0.01 | May 3, 2024 | D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists… | ||
| CVE-2023-32168 | Hig | 0.57 | 8.8 | 0.02 | May 3, 2024 | D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists… | ||
| CVE-2023-32164 | Hig | 0.56 | 7.5 | 0.85 | May 3, 2024 | D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The… | ||
| CVE-2023-44413 | Hig | 0.49 | 7.5 | 0.01 | May 3, 2024 | D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. … | ||
| CVE-2023-32167 | Med | 0.48 | 6.5 | 0.77 | May 3, 2024 | D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. … | ||
| CVE-2026-23754 | 0.00 | — | 0.00 | Jan 21, 2026 | D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators.… | |||
| CVE-2026-23755 | 0.00 | — | 0.00 | Jan 21, 2026 | D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can… |
- risk 0.70cvss 9.8epss 0.73
D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…
- risk 0.69cvss 9.8epss 0.68
Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28
- risk 0.68cvss 9.8epss 0.56
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw…
- risk 0.65cvss 10.0epss 0.02
A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory…
- risk 0.64cvss 9.8epss 0.01
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw…
- risk 0.64cvss 9.8epss 0.02
D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. …
- risk 0.64cvss 9.8epss 0.02
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…
- risk 0.60cvss 8.2epss 0.84
D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. …
- risk 0.59cvss 8.1epss 0.74
D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw…
- risk 0.57cvss 8.8epss 0.02
D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the…
- risk 0.57cvss 8.8epss 0.02
D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this…
- risk 0.57cvss 8.8epss 0.02
D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing…
- risk 0.57cvss 8.8epss 0.01
D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists…
- risk 0.57cvss 8.8epss 0.02
D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists…
- risk 0.56cvss 7.5epss 0.85
D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…
- risk 0.49cvss 7.5epss 0.01
D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. …
- risk 0.48cvss 6.5epss 0.77
D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. …
- CVE-2026-23754Jan 21, 2026risk 0.00cvss —epss 0.00
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators.…
- CVE-2026-23755Jan 21, 2026risk 0.00cvss —epss 0.00
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can…