D-Link D-View Core Service Script Remote Code Execution Vulnerability
CVE-2023-44414

9.8CRITICAL

Key Information:

Vendor: D-link
Status: D-view
Vendor: CVE Published:; 3 May 2024

Summary

The vulnerability in D-Link D-View stems from a flaw within the coreservice_action_script action, which exposes a dangerous function allowing remote attackers to execute arbitrary code. This exploit does not require authentication, thereby increasing its severity and potential impact. Successful exploitation enables attackers to execute code with SYSTEM privileges, leading to significant security breaches within affected environments. It is crucial for organizations using D-Link D-View to assess their systems and implement necessary patches to mitigate the risks posed by this vulnerability.

Affected Version(s)

D-View DLink D-View8 1.0.2.13

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1512/

x_research-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023