D-Link D-View Improper Authorization Privilege Escalation Vulnerability
CVE-2023-44410
8.8HIGH
What is CVE-2023-44410?
The vulnerability identified in D-Link D-View exists due to improper authorization within the showUsers method, allowing authenticated attackers to escalate privileges. When exploited, this flaw enables attackers to access sensitive resources and perform actions typically restricted to higher privileged users. Successful exploitation requires valid credentials, highlighting the importance of strong authentication measures to mitigate this risk. Organizations utilizing affected versions of D-Link D-View should implement necessary updates as outlined in advisory ZDI-23-1508 to safeguard against potential exploitation.
Affected Version(s)
D-View DLink D-View8 1.0.2.13