cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-44414,https://securityvulnerability.io/vulnerability/CVE-2023-44414,D-Link D-View Core Service Script Remote Code Execution Vulnerability,"The vulnerability in D-Link D-View stems from a flaw within the coreservice_action_script action, which exposes a dangerous function allowing remote attackers to execute arbitrary code. This exploit does not require authentication, thereby increasing its severity and potential impact. Successful exploitation enables attackers to execute code with SYSTEM privileges, leading to significant security breaches within affected environments. It is crucial for organizations using D-Link D-View to assess their systems and implement necessary patches to mitigate the risks posed by this vulnerability.",D-link,D-view,9.8,CRITICAL,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:44.671Z,0
CVE-2023-44413,https://securityvulnerability.io/vulnerability/CVE-2023-44413,D-Link D-View Missing Authentication Denial-of-Service Vulnerability,"A vulnerability exists in D-Link D-View related to the shutdown_coreserver action, where a lack of proper authentication allows attackers to gain unauthorized access. This flaw can be exploited remotely, leading to a denial-of-service condition. By leveraging this vulnerability, an attacker can interfere with the normal operation of the D-View system without needing to authenticate, making it a significant security concern for organizations relying on this platform.",D-link,D-view,5.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:43.937Z,0
CVE-2023-44412,https://securityvulnerability.io/vulnerability/CVE-2023-44412,D-Link D-View XML External Entity Processing Information Disclosure Vulnerability,"The vulnerability within D-Link D-View involves a significant flaw in the addDv7Probe function, where improper handling of XML External Entity (XXE) references allows an attacker to craft a malicious document. This crafted document specifies a URI that, when processed by the XML parser, can lead to unauthorized disclosure of sensitive information. The vulnerability does not require authentication, which increases the risk as attackers can exploit it to gather information within the context of the system.",D-link,D-view,8.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:43.171Z,0
CVE-2023-44411,https://securityvulnerability.io/vulnerability/CVE-2023-44411,Hard-coded Credentials Authentication Bypass Vulnerability in D-Link D-View,"This vulnerability pertains to the D-Link D-View software, where the InstallApplication class contains hard-coded credentials that allow remote attackers to bypass the authentication mechanism. This flaw exposes the system to unauthorized access, as exploiting this vulnerability does not require authentication, permitting attackers to connect to the system's remotely reachable database. This vulnerability highlights significant security concerns regarding credential management and the importance of regular software security audits.",D-link,D-view,9.8,CRITICAL,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:42.479Z,0
CVE-2023-44410,https://securityvulnerability.io/vulnerability/CVE-2023-44410,D-Link D-View Improper Authorization Privilege Escalation Vulnerability,"The vulnerability identified in D-Link D-View exists due to improper authorization within the showUsers method, allowing authenticated attackers to escalate privileges. When exploited, this flaw enables attackers to access sensitive resources and perform actions typically restricted to higher privileged users. Successful exploitation requires valid credentials, highlighting the importance of strong authentication measures to mitigate this risk. Organizations utilizing affected versions of D-Link D-View should implement necessary updates as outlined in advisory ZDI-23-1508 to safeguard against potential exploitation.",D-link,D-view,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:13:41.742Z,0
CVE-2023-32169,https://securityvulnerability.io/vulnerability/CVE-2023-32169,D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability,"An authentication bypass vulnerability exists in D-Link's D-View management software due to the use of a hard-coded cryptographic key within the TokenUtils class. This flaw enables remote attackers to bypass authentication mechanisms, allowing unauthorized access to affected systems without needing valid credentials. As a result, attackers can potentially manipulate system functions and gain sensitive information, posing significant security risks for enterprises relying on D-Link D-View. Users are urged to review their security settings and consider updates to mitigate risks associated with this vulnerability.",D-link,D-view,9.8,CRITICAL,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T01:56:47.263Z,0
CVE-2023-32168,https://securityvulnerability.io/vulnerability/CVE-2023-32168,D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability,"The D-Link D-View product contains a vulnerability stemming from improper authorization within the showUser method, which opens the door for remote attackers to exploit it and escalate their privileges. This flaw allows unauthorized access to sensitive resources generally off-limits to standard users. To successfully exploit this vulnerability, an attacker must authenticate to the system, thus adding a layer of complexity to the exploitation process. This vulnerability showcases the critical need for stringent authorization checks in software implementations to safeguard against unauthorized access and protect sensitive data.",D-link,D-view,8.8,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T01:56:46.531Z,0
CVE-2023-32167,https://securityvulnerability.io/vulnerability/CVE-2023-32167,D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability,"A directory traversal vulnerability has been identified in D-Link D-View, specifically within the uploadMib function. The flaw arises from inadequate validation of user-supplied paths before they are utilized in critical file operations. This vulnerability permits authenticated remote attackers to create or delete arbitrary files within the affected system, potentially allowing the execution of unauthorized actions at the SYSTEM level. Organizations using D-Link D-View should prioritize proper security measures to mitigate this risk.",D-link,D-view,6.5,MEDIUM,0.0009299999801442027,false,false,false,false,,false,false,2024-05-03T01:56:45.744Z,0
CVE-2023-32166,https://securityvulnerability.io/vulnerability/CVE-2023-32166,D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability,"A directory traversal vulnerability exists in the D-Link D-View, specifically within the uploadFile function. This flaw arises from insufficient validation of user-supplied paths before they are utilized in file operations. As a result, an attacker with valid authentication can manipulate the system to create arbitrary files, potentially leading to unauthorized access or further exploitation within the affected installations. This risk highlights the critical need for proper input validation mechanisms to avert such security threats.",D-link,D-view,8.1,HIGH,0.0009299999801442027,false,false,false,false,,false,false,2024-05-03T01:56:44.976Z,0
CVE-2023-32165,https://securityvulnerability.io/vulnerability/CVE-2023-32165,D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability,"A directory traversal vulnerability has been identified in the D-Link D-View software that allows remote attackers to execute arbitrary code through the TftpReceiveFileHandler class. This security issue arises due to insufficient validation of user-supplied paths before execution in file operations. An attacker can exploit this flaw to gain remote access and execute code with SYSTEM privileges, potentially compromising the affected system. The vulnerability does not require user authentication, making it easier for malicious actors to exploit it and gain control over vulnerable systems.",D-link,D-view,9.8,CRITICAL,0.0009299999801442027,false,false,false,false,,false,false,2024-05-03T01:56:44.181Z,0
CVE-2023-32164,https://securityvulnerability.io/vulnerability/CVE-2023-32164,D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability,"The D-Link D-View TftpSendFileThread is affected by a directory traversal vulnerability that could permit remote attackers to access sensitive information stored on vulnerable installations. This flaw arises from inadequate validation of user-provided paths prior to execution in file operations. Malicious actors could exploit this weakness without authentication, granting them access to files and potentially compromising the security of the affected systems. The vulnerability poses significant risks and highlights the need for immediate attention and remediation.",D-link,D-view,7.5,HIGH,0.0009299999801442027,false,false,false,false,,false,false,2024-05-03T01:56:43.451Z,0
CVE-2023-7163,https://securityvulnerability.io/vulnerability/CVE-2023-7163,D-Link D-View 8 Unauthenticated Probe-Core Server Communication,"A security flaw in D-Link's D-View 8 service allows attackers to manipulate the probe inventory, potentially leading to unauthorized access to sensitive information from other probes. The vulnerability can also cause denial of service scenarios by saturating the probe inventory, disrupting normal operations. Prompt mitigation is recommended to safeguard against these potential threats.",D-Link,D-View 8,10,CRITICAL,0.0058200000785291195,false,false,false,false,,false,false,2023-12-28T16:16:00.000Z,0
CVE-2023-5074,https://securityvulnerability.io/vulnerability/CVE-2023-5074,Authentication Bypass in D-Link D-View 8,"The D-Link D-View 8 version 2.0.1.28 is exposed to a security risk due to the use of a static key for protecting JSON Web Tokens (JWT) used in user authentication. This flaw can allow unauthorized users to bypass authentication mechanisms, potentially granting them access to sensitive data and functionalities within the application. It is crucial for users to update their systems and implement security best practices to mitigate this vulnerability.",D-link,D-view 8,9.8,CRITICAL,0.020479999482631683,false,false,false,false,,false,false,2023-09-20T16:15:00.000Z,0