D-Link's D-View 8 lets admins manage networks. Attackers could target the software through several security vulnerabilities. Two of them are considered "critical".
Unfinished patch?
An advisory states that the six vulnerabilities have been known since the end of December 2022. In mid-May, the advisory was updated with a reference to the patched version v2.0.1.28. All previous versions are said to be vulnerable.
However, D-Link points out that the current version is still beta firmware. Installing it could lead to unstable operation and thus cause problems. Since the vulnerabilities are very dangerous, admins should nevertheless consider installing it.
The vulnerabilities
Two vulnerabilities classified as critical are considered particularly threatening (CVE-2023-32165, CVE-2023-32169). Because of a hard-coded cryptographic key, attackers could bypass authentication and gain access to the network management software. The execution of malicious code with system rights is also conceivable.
This usually leads to attackers completely compromising devices and gaining full control. Intrusions into company networks are conceivable, and attackers could spread from there and infect computers with malware.
If attackers successfully exploit the other vulnerabilities, they could, among other things, access information that is supposed to be isolated. The vulnerabilities were discovered by security researchers from Trend Micro's Zero Day Initiative. It is currently not known whether there have already been attacks.