VYPR

D-View

by Dlink

CVEs (19)

  • CVE-2023-32165CriMay 3, 2024
    risk 0.70cvss 9.8epss 0.73

    D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-5074CriSep 20, 2023
    risk 0.69cvss 9.8epss 0.68

    Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28

  • CVE-2023-32169CriMay 3, 2024
    risk 0.68cvss 9.8epss 0.56

    D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-7163CriDec 28, 2023
    risk 0.65cvss 10.0epss 0.02

    A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory…

  • CVE-2024-5296CriMay 23, 2024
    risk 0.64cvss 9.8epss 0.01

    D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-44414CriMay 3, 2024
    risk 0.64cvss 9.8epss 0.02

    D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-44411CriMay 3, 2024
    risk 0.64cvss 9.8epss 0.02

    D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-44412HigMay 3, 2024
    risk 0.60cvss 8.2epss 0.84

    D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-32166HigMay 3, 2024
    risk 0.59cvss 8.1epss 0.74

    D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw…

  • CVE-2024-5299HigMay 23, 2024
    risk 0.57cvss 8.8epss 0.02

    D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the…

  • CVE-2024-5298HigMay 23, 2024
    risk 0.57cvss 8.8epss 0.02

    D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this…

  • CVE-2024-5297HigMay 23, 2024
    risk 0.57cvss 8.8epss 0.02

    D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing…

  • CVE-2023-44410HigMay 3, 2024
    risk 0.57cvss 8.8epss 0.01

    D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists…

  • CVE-2023-32168HigMay 3, 2024
    risk 0.57cvss 8.8epss 0.02

    D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists…

  • CVE-2023-32164HigMay 3, 2024
    risk 0.56cvss 7.5epss 0.85

    D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-44413HigMay 3, 2024
    risk 0.49cvss 7.5epss 0.01

    D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-32167MedMay 3, 2024
    risk 0.48cvss 6.5epss 0.77

    D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. …

  • CVE-2026-23754Jan 21, 2026
    risk 0.00cvss epss 0.00

    D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators.…

  • CVE-2026-23755Jan 21, 2026
    risk 0.00cvss epss 0.00

    D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can…