D-Link fixes auth bypass and RCE flaws in D-View 8 software

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.

D-View is a network management suite developed by the Taiwanese networking solutions vendor D-Link, used by businesses of all sizes for monitoring performance, controlling device configurations, creating network maps, and generally making network management and administration more efficient and less time-consuming.

Security researchers participating in Trend Micro’s Zero Day Initiative discovered six flaws impacting D-View late last year and reported them to the vendor on December 23, 2022.

The first flaw is tracked as CVE-2023-32165 and is a remote code execution flaw arising from the lack of proper validation of a user-supplied path before using it in file operations.

The second critical flaw has received the identifier CVE-2023-32169 and is an authentication bypass problem resulting from using a hard-coded cryptographic key on the TokenUtils class of the software.

D-Link has released an advisory on all six flaws reported by the ZDI, which impact D-View 8 version and below, urging admins to upgrade to the fixed version,, released on May 17, 2023.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.