CVE-2026-23755
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-01-30
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | d-view_8 | up to and including 2.0.1.107 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects D-Link D-View 8 versions 2.0.1.107 and earlier. The installer has an uncontrolled search path issue where it tries to load a DLL named version.dll from its current execution directory when run with elevated privileges via User Account Control (UAC). An attacker can place a malicious version.dll alongside the installer. If a user runs the installer and approves the UAC prompt, the attacker's malicious code executes with administrator privileges, potentially leading to full system compromise. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to execute arbitrary code with administrator privileges on the affected system. This can lead to full system compromise, including unauthorized access, data theft, system manipulation, or installation of persistent malware. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if the D-Link D-View 8 installer version 2.0.1.107 or below is present on your system. Additionally, inspect the directory where the installer is executed for the presence of a version.dll file that could be malicious. Monitoring for unexpected DLL files named version.dll in the installer's directory or unusual execution of the installer with elevated privileges may indicate exploitation attempts. Specific commands are not provided in the resources. [1]
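One way to carry out the directory check described above, as an added example that is not taken from the advisory or its sources: this PowerShell function lists every version.dll that sits in the same folder as an executable under user-writable locations, with its hash and signature status for triage. The search roots and the function name `Find-SideloadCandidate` are assumptions; point the roots at wherever installers are downloaded and run in your environment.

```powershell
# Added example (not from the advisory). Search roots are assumed defaults.
param(
    [string[]]$SearchRoots = @(
        "$env:USERPROFILE\Downloads",
        "$env:USERPROFILE\Desktop",
        "$env:TEMP"
    )
)

function Find-SideloadCandidate {
    param([string[]]$Roots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # The legitimate version.dll ships in the Windows system directories,
        # so a copy beside a setup program in a download folder deserves review.
        Get-ChildItem -LiteralPath $root -Filter 'version.dll' -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $dll  = $_
                $exes = Get-ChildItem -LiteralPath $dll.DirectoryName -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue
                if (-not $exes) { return }   # no executable alongside: skip this DLL

                $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
                [pscustomobject]@{
                    DllPath        = $dll.FullName
                    Sha256         = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
                    SignatureState = $sig.Status                     # e.g. NotSigned, Valid
                    Signer         = $sig.SignerCertificate.Subject  # empty when unsigned
                    LastWriteTime  = $dll.LastWriteTime
                    ExesInFolder   = ($exes.Name -join ', ')
                }
            }
    }
}

Find-SideloadCandidate -Roots $SearchRoots | Format-List
```

Any result whose `ExesInFolder` includes the D-View 8 installer should be investigated before that installer is run; an unsigned DLL or one written around the same time as the installer was downloaded is the strongest signal.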
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding running the D-Link D-View 8 installer version 2.0.1.107 or earlier with elevated privileges, especially if the installer directory is not trusted. Ensure that no untrusted version.dll files exist alongside the installer. Applying any available patches or updates from D-Link that address this vulnerability is recommended. Additionally, restrict user permissions to prevent unauthorized execution of installers with administrator privileges. [1]