D-Link D-View 8 Improper Access Control Vulnerability Allowing Credential Disclosure and Account Takeover

Vulnerability

An improper access control vulnerability has been identified in D-Link D-View 8 versions 2.0.1.107 and prior. This vulnerability exists in backend API endpoints, where authenticated users can manipulate the user_id parameter to access sensitive credential information belonging to other users, including super administrators. The leaked credentials can be used as valid authentication tokens, enabling full impersonation of the targeted user and complete administrative control over the D-View system.
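The missing check described above, as an added Python example that is not D-View 8 code: the handler names, session model and credential records are all constructed for illustration. The first handler trusts the caller-supplied user_id, while the second binds it to the authenticated session, logs mismatches and, as an assumed design choice, does not return the reusable secret.

```python
# Added illustration of the bug class; not D-View 8 code. All names and data are constructed.
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""

@dataclass(frozen=True)
class Session:
    user_id: str   # identity established at login, held server-side
    role: str

# Constructed credential store standing in for the backend's user records.
CREDENTIALS = {
    "u-100": {"owner": "u-100", "token": "EXAMPLE-operator-token"},
    "u-001": {"owner": "u-001", "token": "EXAMPLE-superadmin-token"},
}

def get_credentials_vulnerable(session, requested_user_id):
    """Flawed pattern: authentication is checked, ownership is not."""
    if session is None:
        raise Forbidden("not authenticated")
    return CREDENTIALS[requested_user_id]  # trusts the caller-supplied user_id

def get_credentials_hardened(session, requested_user_id, audit_log):
    """Object-level authorization: the record must belong to the session's user."""
    if session is None:
        raise Forbidden("not authenticated")
    if requested_user_id != session.user_id:
        # Record the attempt so cross-user reads surface in monitoring.
        audit_log.append({"event": "credential_read_denied",
                          "actor": session.user_id, "target": requested_user_id})
        raise Forbidden("user_id does not match authenticated session")
    record = CREDENTIALS.get(requested_user_id)
    if record is None:
        raise Forbidden("no such record")
    # Assumption: the client needs only metadata, so the reusable secret stays server-side.
    return {"owner": record["owner"], "token_present": bool(record["token"])}

def demo():
    """Run both handlers as a low-privileged session asking for another user's record."""
    operator, log = Session("u-100", "user"), []
    leaked = get_credentials_vulnerable(operator, "u-001")
    try:
        get_credentials_hardened(operator, "u-001", log)
        blocked = False
    except Forbidden:
        blocked = True
    own = get_credentials_hardened(operator, "u-100", log)
    return leaked, blocked, own, log

if __name__ == "__main__":
    print(demo())
```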

Impact

Exploitation of this vulnerability allows for unauthorized access to user credentials, including those of super administrators, leading to full account takeover and administrative control over the D-View system.

Remediation

Users are advised to update to D-Link D-View 8 version 2.0.5.109 Beta, which can be downloaded from the D-Link D-View Free Trial page. After updating, verify that the update succeeded by checking the firmware version shown in the product interface.

Added: Jan 21, 2026, 6:47 PM
Updated: Jan 21, 2026, 6:47 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 4.5
remediation: 7.7
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.