Authentication Bypass in D-Link D-View 8
CVE-2023-5074

9.8CRITICAL

Key Information:

Vendor: D-link
Status: D-view 8
Vendor: CVE Published:; 20 September 2023

Summary

The D-Link D-View 8 version 2.0.1.28 is exposed to a security risk due to the use of a static key for protecting JSON Web Tokens (JWT) used in user authentication. This flaw can allow unauthorized users to bypass authentication mechanisms, potentially granting them access to sensitive data and functionalities within the application. It is crucial for users to update their systems and implement security best practices to mitigate this vulnerability.

Affected Version(s)

D-View 8 2.0.1.28

References

https://www.tenable.com/security/research/tra-2023-32

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Sep 19, 2023