D-Link D-View Improper Authorization Privilege Escalation Vulnerability
CVE-2023-44410

8.8HIGH

Key Information:

Vendor: D-link
Status: D-view
Vendor: CVE Published:; 3 May 2024

Summary

The vulnerability identified in D-Link D-View exists due to improper authorization within the showUsers method, allowing authenticated attackers to escalate privileges. When exploited, this flaw enables attackers to access sensitive resources and perform actions typically restricted to higher privileged users. Successful exploitation requires valid credentials, highlighting the importance of strong authentication measures to mitigate this risk. Organizations utilizing affected versions of D-Link D-View should implement necessary updates as outlined in advisory ZDI-23-1508 to safeguard against potential exploitation.

Affected Version(s)

D-View DLink D-View8 1.0.2.13

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1508/

x_research-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023