CRITICAL🇵🇱 Wersja polska

CVE-2023-44411

CVSS 9.8v3.0pub. 2024-05-03upd. 2025-08-07

D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallApplication class. The class contains a hard-coded password for the remotely reachable database. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19553.

🤖 AI Analysis
How it works

The InstallApplication class contains hardcoded credentials for a remotely accessible database. An attacker, without needing any credentials or user interaction, can use this password to establish a database connection and bypass the system's authentication mechanisms. The vulnerability is accessible remotely over the network, and the low attack complexity makes its exploitation relatively simple.

Impact

An attacker can completely bypass D-Link D-View system authentication, gaining unauthorized access to the database and potentially taking control of the network management system, resulting in violation of data confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Additionally, it is recommended to restrict network access to the D-View interface exclusively to trusted hosts and implement network segmentation to prevent unauthorized access to the management system.

Who is affected

D-Link D-View 8 — specific versions indicated in the manufacturer's references and in the Zero Day Initiative advisory (ZDI-CAN-19553)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink D View 8

    APP
    Dlink
    1.0.2.13
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-5296CRITICAL9.8PL ✓ten sam produkt

D-Link D-View 8 — pominięcie uwierzytelnienia przez zakodowany klucz kryptograficzny

CVE-2023-44414CRITICAL9.8PL ✓ten sam produkt

D-Link D-View: RCE przez ujawnioną niebezpieczną funkcję w coreservice_action_script

CVE-2023-32165CRITICAL9.8PL ✓ten sam produkt

D-Link D-View: RCE przez path traversal w TftpReceiveFileHandler

CVE-2023-32169CRITICAL9.8PL ✓ten sam produkt

D-Link D-View: pominięcie uwierzytelnienia przez hardkodowany klucz kryptograficzny

CVE-2023-7163CRITICAL10.0PL ✓ten sam produkt

D-Link D-View 8: Manipulacja inwentarzem sond umożliwia RCE i DoS