CVE-2023-44412

Name of the Vulnerable Software and Affected Versions D-Link D-View versions (affected versions not specified)

Description The issue is related to the addDv7Probe function and involves improper restriction of XML External Entity (XXE) references. This allows remote attackers to disclose sensitive information on affected installations without requiring authentication. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM by crafting a document that specifies a URI, causing the XML parser to access the URI and embed its contents back into the XML document.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.