D-View 8: TrendMicro (ZDI) Reported Multiple Vulnerabilities
17 May, 2023
On December 28, 2022, third-party security researchers at TrendMicro ZDI reported multiple vulnerabilities in the D-Link D-View 8.0 Network Device Management platform. The research was done on a demo version of the software; the corrected and qualified version is the first release version from D-Link Corporation.
As soon as D-Link was made aware of the reported security issues, we promptly started our investigation and began developing security patches.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.
- Reported by TrendMicro ZDI
- ZDI-CAN-19496: D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability
- ZDI-CAN-19497: D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability
- ZDI-CAN-19527: D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability
- ZDI-CAN-19529: D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability
- ZDI-CAN-19534: D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability
- ZDI-CAN-19659: D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
v18.104.22.168 and below
You must update via the application (downloadable from https://dview.dlink.com/), or contact your regional technical support for license verification.