Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-23754

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-23754
  • Dlink » D-View 8 » Version: 1.0.1.28
    cpe:2.3:a:dlink:d-view_8:1.0.1.28
  • Dlink » D-View 8 » Version: 1.0.2.13
    cpe:2.3:a:dlink:d-view_8:1.0.2.13
  • Dlink » D-View 8 » Version: 1.0.3.39
    cpe:2.3:a:dlink:d-view_8:1.0.3.39
  • Dlink » D-View 8 » Version: 2.0.0.26
    cpe:2.3:a:dlink:d-view_8:2.0.0.26
  • Dlink » D-View 8 » Version: 2.0.1.27
    cpe:2.3:a:dlink:d-view_8:2.0.1.27
  • Dlink » D-View 8 » Version: 2.0.1.28
    cpe:2.3:a:dlink:d-view_8:2.0.1.28
  • Dlink » D-View 8 » Version: 2.0.1.89
    cpe:2.3:a:dlink:d-view_8:2.0.1.89


Products
Pricing
Contact Us

Shodan ® - All rights reserved