Hard-coded Credentials Authentication Bypass Vulnerability in D-Link D-View
CVE-2023-44411
9.8CRITICAL
What is CVE-2023-44411?
This vulnerability pertains to the D-Link D-View software, where the InstallApplication class contains hard-coded credentials that allow remote attackers to bypass the authentication mechanism. This flaw exposes the system to unauthorized access, as exploiting this vulnerability does not require authentication, permitting attackers to connect to the system's remotely reachable database. This vulnerability highlights significant security concerns regarding credential management and the importance of regular software security audits.
Affected Version(s)
D-View DLink D-View8 1.0.2.13