PT-2026-3842 · D-Link · D-Link D-View 8

Kazuma Matsumoto · Published 2026-01-21 · Updated 2026-01-21 · CVE-2026-23754

CVSS v2.0

9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link D-View 8 versions 2.0.1.107 and below

Description

D-Link D-View 8 versions 2.0.1.107 and below have an improper access control issue in backend API endpoints. An authenticated user can provide an arbitrary user id value to obtain sensitive credential data for other users, including super administrators. This credential material can be directly used for authentication, enabling full impersonation of the targeted account and complete administrative control over the D-View system. The vulnerable API endpoints allow unauthorized access to user credentials through manipulation of the user id parameter.

Recommendations

Versions prior to 2.0.1.107 should be updated.

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2026-00987
CVE-2026-23754

Affected Products

D-Link D-View 8