Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover
Vulnerability Description
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
D-Link D-View 8 安全漏洞
Vulnerability Description
D-Link D-View 8是中国友讯(D-Link)公司的一款综合网络管理软件。 D-Link D-View 8 2.0.1.107及之前版本存在安全漏洞,该漏洞源于后端API端点访问控制不当,可能导致任意经过身份验证的用户检索其他用户的敏感凭据数据。
CVSS Information
N/A
Vulnerability Type
N/A