Hard-coded Credentials Authentication Bypass Vulnerability in D-Link D-View
CVE-2023-44411

9.8CRITICAL

Key Information:

Vendor: D-link
Status: D-view
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-44411?

This vulnerability pertains to the D-Link D-View software, where the InstallApplication class contains hard-coded credentials that allow remote attackers to bypass the authentication mechanism. This flaw exposes the system to unauthorized access, as exploiting this vulnerability does not require authentication, permitting attackers to connect to the system's remotely reachable database. This vulnerability highlights significant security concerns regarding credential management and the importance of regular software security audits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

D-View DLink D-View8 1.0.2.13

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1509/

x_research-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023

JSON

D-link

What is CVE-2023-44411?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.