CVE-2023-5074

Name of the Vulnerable Software and Affected Versions D-Link D-View 8 version 2.0.1.28

Description The issue is related to the use of a static key for protecting JWT tokens in user authentication, which can allow an attacker to bypass security restrictions and gain unauthorized access to protected information. This can be exploited remotely.

Recommendations For D-Link D-View 8 version 2.0.1.28, consider updating to a newer version that addresses this issue, as using a static key for JWT token protection can lead to authentication bypass. As a temporary workaround, consider restricting access to authentication mechanisms that rely on JWT tokens until a patch is available.