CRITICAL🇵🇱 Wersja polska

CVE-2023-7163

CVSS 10.0v3.1pub. 2023-12-28upd. 2024-11-21

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes.

🤖 AI Analysis
How it works

An attacker, without any authentication and from any network location, can manipulate the probe inventory managed by the D-View service. Lack of proper input validation (CWE-20) allows unauthorized registration or modification of probe entries. As a result, the inventory can be overflowed, leading to denial of service conditions, or the attacker can impersonate another probe and take over task execution.

Impact

An attacker can gain access to information collected by other probes (confidentiality breach), cause denial of service by overflowing the probe inventory (DoS), and execute tasks on behalf of other probes — which may lead to unauthorized actions in the managed network.

Mitigation & patch

Apply patches available from the vendor according to the references. Additionally, it is recommended to restrict network access to the D-View service only to trusted hosts using a firewall and to monitor activity in the probe inventory.

Who is affected

D-Link D-View 8 versions 2.0.2.89 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Dlink D View 8

    APP
    Dlink
    2.0.2.89
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-5296CRITICAL9.8PL ✓ten sam produkt

D-Link D-View 8 — pominięcie uwierzytelnienia przez zakodowany klucz kryptograficzny

CVE-2023-44414CRITICAL9.8PL ✓ten sam produkt

D-Link D-View: RCE przez ujawnioną niebezpieczną funkcję w coreservice_action_script

CVE-2023-32165CRITICAL9.8PL ✓ten sam produkt

D-Link D-View: RCE przez path traversal w TftpReceiveFileHandler

CVE-2023-32169CRITICAL9.8PL ✓ten sam produkt

D-Link D-View: pominięcie uwierzytelnienia przez hardkodowany klucz kryptograficzny

CVE-2023-44411CRITICAL9.8PL ✓ten sam produkt

D-Link D-View: hardcoded credentials umożliwiają bypass uwierzytelnienia