漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover
Vulnerability Description
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
D-Link D-View 8 安全漏洞
Vulnerability Description
D-Link D-View 8是中国友讯(D-Link)公司的一款综合网络管理软件。 D-Link D-View 8 2.0.1.107及之前版本存在安全漏洞,该漏洞源于后端API端点访问控制不当,可能导致任意经过身份验证的用户检索其他用户的敏感凭据数据。
CVSS Information
N/A
Vulnerability Type
N/A