CVE-2026-23755
BaseFortify

Publication date: 2026-01-21

Last updated on: 2026-01-30

Assigner: VulnCheck

Description
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.
Meta Information
Published: 2026-01-21
Last Modified: 2026-01-30
Generated: 2026-06-16
AI Q&A: 2026-01-21
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: dlink
Product: d-view_8
Version / Range: to 2.0.1.107 (inc)
CWE ID: CWE-427
Description: The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Executive Summary

This vulnerability affects D-Link D-View 8 versions 2.0.1.107 and earlier. The installer has an uncontrolled search path issue where it tries to load a DLL named version.dll from its current execution directory when run with elevated privileges via User Account Control (UAC). An attacker can place a malicious version.dll alongside the installer. If a user runs the installer and approves the UAC prompt, the attacker's malicious code executes with administrator privileges, potentially leading to full system compromise. [1]

Impact Analysis

If exploited, this vulnerability allows an attacker to execute arbitrary code with administrator privileges on the affected system. This can lead to full system compromise, including unauthorized access, data theft, system manipulation, or installation of persistent malware. [1]

Detection Guidance

You can detect this vulnerability by checking if the D-Link D-View 8 installer version 2.0.1.107 or below is present on your system. Additionally, inspect the directory where the installer is executed for the presence of a version.dll file that could be malicious. Monitoring for unexpected DLL files named version.dll in the installer's directory or unusual execution of the installer with elevated privileges may indicate exploitation attempts. Specific commands are not provided in the resources. [1]
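
One way to run the check described above, as an added example that is not from the advisory or from D-Link. The function name and the installer path are assumptions (the page gives no installer file name); the only DLL name used is the version.dll named in the description.

```powershell
# Added example: report any DLL named in the advisory that sits beside an installer.
# The legitimate version.dll is a Windows system file under %SystemRoot%\System32,
# so a copy in the installer's own directory deserves review before the installer is run.
function Test-InstallerDllPreload {
    param(
        [Parameter(Mandatory)][string]$InstallerPath,   # assumption: supplied by the caller
        [string[]]$DllNames = @('version.dll')          # DLL named in the CVE description
    )

    $installer = Get-Item -LiteralPath $InstallerPath -Force -ErrorAction Stop
    $dir       = $installer.DirectoryName

    foreach ($name in $DllNames) {
        $candidate = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) { continue }

        # -Force so hidden or system-flagged files are still inspected
        $file = Get-Item -LiteralPath $candidate -Force
        $sig  = Get-AuthenticodeSignature -LiteralPath $candidate
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        [pscustomobject]@{
            Installer        = $installer.FullName
            InstallerVersion = $installer.VersionInfo.FileVersion
            Dll              = $file.FullName
            Sha256           = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
            SignatureStatus  = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
            Signer           = $signer
            Owner            = (Get-Acl -LiteralPath $candidate).Owner
            CreatedUtc       = $file.CreationTimeUtc
            Hidden           = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
        }
    }
}

# Usage (placeholder path, replace with the real installer location):
#   $hits = Test-InstallerDllPreload -InstallerPath 'C:\Users\alice\Downloads\<installer>.exe'
#   if ($hits) { $hits | Format-List } else { 'No version.dll beside the installer.' }
```

An empty result only means no version.dll is present in that directory at the time of the check; it says nothing about whether the installer build itself is affected.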

Mitigation Strategies

Immediate mitigation steps include avoiding running the D-Link D-View 8 installer version 2.0.1.107 or earlier with elevated privileges, especially if the installer directory is not trusted. Ensure that no untrusted version.dll files exist alongside the installer. Applying any available patches or updates from D-Link that address this vulnerability is recommended. Additionally, restrict user permissions to prevent unauthorized execution of installers with administrator privileges. [1]
