CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32165 – D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32165
24 May 2023 — D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpReceiveFileHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32168 – D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32168
24 May 2023 — D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUser method. The issue results from the lack of proper authorization before accessing a privileged endpoint. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332 • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32169 – D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-32169
24 May 2023 — D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332 • CWE-321: Use of Hard-coded Cryptographic Key •