Vulnerabilities ›

CVE-2026-23755

High

CWE-427 — Weakness Type

                    Published: Jan 21, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.

🤖 AI Executive Summary

D-Link D-View 8 installer versions 2.0.1.107 and below are vulnerable to DLL preloading attacks through uncontrolled search paths. An attacker can execute arbitrary code with administrator privileges by placing a malicious version.dll in the installer directory.

📄 Description (Arabic)

يحتوي مثبت D-Link D-View 8 على ثغرة في مسار البحث غير المتحكم فيه تسمح بهجمات تحميل DLL. عندما يقوم المستخدم بتشغيل المثبت والموافقة على موجه UAC، يمكن لمهاجم تنفيذ كود ضار بامتيازات المسؤول. هذا يؤدي إلى اختراق كامل النظام.

🤖 ملخص تنفيذي (AI)

D-Link D-View 8 installer versions 2.0.1.107 and below contain a DLL preloading vulnerability that allows attackers to execute malicious code with administrator privileges. This vulnerability is exploited when users run the installer and approve UAC prompts.

🤖 AI Intelligence Analysis Analyzed: May 5, 2026 02:33

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government banking energy

🎯 MITRE ATT&CK Techniques

T1547.001 T1574.001 T1574.002 T1548.002

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update D-Link D-View 8 to version 2.0.1.108 or later immediately. Avoid running installers from untrusted sources or directories. Implement application whitelisting and restrict UAC elevation for non-essential applications. Monitor for suspicious DLL loading activities in system logs.

🔧 خطوات المعالجة (العربية)

قم بتحديث D-Link D-View 8 إلى الإصدار 2.0.1.108 أو أحدث فوراً. تجنب تشغيل المثبتات من مصادر أو مجلدات غير موثوقة. طبق قائمة التطبيقات المسموحة وقيد ترفيع امتيازات UAC للتطبيقات غير الضرورية. راقب أنشطة تحميل DLL المريبة في سجلات النظام.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1.1 2.2.2 2.3.1

🔵 SAMA CSF

ID.AM-2 PR.DS-6 PR.IP-1

🟡 ISO 27001:2022

A.12.2.1 A.14.2.1 A.14.2.5

🔗 References & Sources 2

🔗

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471

disclosure@vulncheck.com

Vendor Advisory Patch

🔗

https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontr...

disclosure@vulncheck.com

Third Party Advisory

📦 Affected Products / CPE 1 entries

dlink:d-view_8

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-427

Exploit No

Patch ✓ Yes

Published 2026-01-21

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-427

🏢 Vendor Advisories

🔗 https://supportannouncement.us.dlink.com/security/pu...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-23755

💬 Comments

Introduce Yourself

Sign In Required