D-Link D-View Authentication Bypass Vulnerability
CVE-2024-5296

Currently unrated

Key Information:

Vendor
D-Link
Vendor
CVE Published:
23 May 2024

Badges

πŸ“° News Worthy

Summary

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21991.

News Articles

favicon imageprophaze.com

CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY - Cloud WAF

CVE-2024-5296 - D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View.

8 months ago

References

https://www.zerodayinitiative.com/advisories/ZDI-24-447/

Timeline

  • πŸ“°

    First article discovered by prophaze.com

  • Vulnerability published

.