D-Link D-View Authentication Bypass Vulnerability
CVE-2024-5296

9.8CRITICAL

Key Information:

Vendor: D-link
Status: D-view
Vendor: CVE Published:; 23 May 2024

Badges

📰 News Worthy

What is CVE-2024-5296?

The D-Link D-View software contains a significant vulnerability that allows remote attackers to bypass authentication protocols. This flaw is due to a hard-coded cryptographic key used in the TokenUtils class, which can be exploited without any authentication requirements. As a result, attackers can gain unauthorized access to the system, posing a serious security risk to affected installations.

Affected Version(s)

D-View 2.0.1.28

News Articles

prophaze.com

CVE-2024-5296

CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY - Cloud WAF

CVE-2024-5296 - D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-447/

x_research-advisory

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by prophaze.com
May 24, 2024
Vulnerability published
May 23, 2024

CVE-2024-5296 Data

JSON

D-link

Badges

What is CVE-2024-5296?

Affected Version(s)

News Articles

CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY - Cloud WAF

References

CVSS V3.0

Timeline