
Tenable Discloses an Authentication Bypass Vulnerability in D-Link D-View 8 - 20230926001

Overview

Tenable has published an advisory on an authentication bypass vulnerability in D-Link D-View 8. The advisory also references a proof of concept.

What is the vulnerability?

CVE-2023-5074 - CVSS v3 Base Score: 9.8: Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28.
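The class of flaw described above (a token-signing key that is the same in every installation) is shown below beside its hardened form, a random key generated per installation. This is an added example, not code from D-Link, Tenable or the WA SOC; the HS256 algorithm, the key value and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Constructed stand-in for a key compiled into every copy of a product.
# It is not a value from D-View 8 or from the Tenable advisory.
SHIPPED_STATIC_KEY = b"example-key-identical-in-every-install"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 JWT (assumed algorithm) for `claims` under `key`."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, key: bytes):
    """Return the claims if the signature verifies under `key`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    # Pin the algorithm on the server side; never take it from the token.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(_b64url_decode(payload_b64))

def new_install_key() -> bytes:
    """Hardened form: a random 256-bit key created once per installation."""
    return secrets.token_bytes(32)

def accepted_by(server_key: bytes) -> bool:
    """Would a server verifying with `server_key` accept a token that was
    signed elsewhere under the key shipped in every copy of the product?"""
    outside_token = sign_token({"sub": "operator"}, SHIPPED_STATIC_KEY)
    return verify_token(outside_token, server_key) is not None
```

`accepted_by(SHIPPED_STATIC_KEY)` is true because the server's signature check cannot distinguish its own tokens from ones signed by anyone who holds the shipped key, while `accepted_by(new_install_key())` is false.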

What is vulnerable?

The vulnerability affects the following products:

  • D-Link D-View 8 v2.0.1.28

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of two weeks... (refer Patch Management):

Additional References