PT-2026-3843 · D Link · D-Link D-View 8
Kazuma Matsumoto
·
Published
2026-01-21
·
Updated
2026-01-21
·
CVE-2026-23755
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
D-Link D-View 8 versions 2.0.1.107 and below
Description
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via User Account Control (UAC), the installer attempts to load
version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer. When a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges, potentially leading to full system compromise.Recommendations
Versions prior to 2.0.1.107 should be updated.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link D-View 8