CVE-2023-5074

CRITICAL EXPLOITED NUCLEI

D-Link D-View 8 <v2.0.1.28 - Auth Bypass

Title source: llm

Description

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28

Exploits (1)

Nuclei Templates (1)

D-Link D-View 8 v2.0.1.28 - Authentication Bypass
CRITICALVERIFIEDby DhiyaneshDK
Shodan: http.favicon.hash:-1317621215 || http.favicon.hash:"-1317621215"
FOFA: icon_hash="-1317621215"

References (1)

Scores

CVSS v3 9.8
EPSS 0.9258
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-04
CWE
CWE-798
Status published
Products (1)
dlink/d-view_8 2.0.1.28
Published Sep 20, 2023
Tracked Since Feb 18, 2026