D-Link D-View Authentication Bypass Vulnerability

CVE-2024-5296

Currently unrated 🤨

Key Information

Vendor: D-Link
Vendor: CVE Published:; 23 May 2024

Badges

📰 News Worthy

Summary

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21991.

News Articles

prophaze.com

CVE-2024-5296

CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY - Cloud WAF

CVE-2024-5296 - D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View.

4 months ago

Timeline

First article discovered by prophaze.com
May 24, 2024
Vulnerability published.
May 23, 2024

Collectors

NVD Database1 News Article(s)