D-Link fixes auth bypass and RCE flaws in D-View 8 software

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.

D-View is a network management suite developed by the Taiwanese networking solutions vendor D-Link, used by businesses of all sizes for monitoring performance, controlling device configurations, creating network maps, and generally making network management and administration more efficient and less time-consuming.

Security researchers participating in Trend Micro’s Zero Day Initiative discovered six flaws impacting D-View late last year and reported them to the vendor on December 23, 2022.

The first flaw is tracked as CVE-2023-32165 and is a remote code execution flaw arising from the lack of proper validation of a user-supplied path before using it in file operations.

The second critical flaw has received the identifier CVE-2023-32169 and is an authentication bypass problem resulting from using a hard-coded cryptographic key on the TokenUtils class of the software.

D-Link has released an advisory on all six flaws reported by the ZDI, which impact D-View 8 version 2.0.1.27 and below, urging admins to upgrade to the fixed version, 2.0.1.28, released on May 17, 2023.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.