Severity
High
Analysis Summary
CVE-2023-32165 CVSS:9.8
D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler class. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-32164 CVSS:7.5
D-Link D-View could allow a remote attacker to obtain sensitive information, caused by a flaw in TftpSendFileThread class. By sending a specially crafted request, an attacker couldexploit this vulnerability to obtain sensitive information.
CVE-2023-32167 CVSS:6.5
D-Link D-View could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially crafted request to the uploadMib function to create arbitrary files on the system.
CVE-2023-32166 CVSS:8.1
D-Link D-View could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially crafted request to the uploadFile function to create arbitrary files on the system.
CVE-2023-32168 CVSS:8.8
D-Link D-View could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the showUser method. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges to resources normally protected from the user.
Impact
- Code Execution
- Privilege Escalation
- Information Disclosure
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-32165
- CVE-2023-32164
- CVE-2023-32167
- CVE-2023-32166
- CVE-2023-32168
Affected Vendors
D-Link
Affected Products
- D-Link D-View 2.0.1.27
Remediation
Refer to D-Link Web site for patch, upgrade or suggested workaround information.