Information disclosure in D-View - CVE-2023-7163

 


Published: December 28, 2023


Vulnerability identifier: #VU84848
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-7163
CWE-ID: CWE-200
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
D-View
Software vendor:
D-Link

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way D-View communicates with the Probe server. A remote attacker on the local network can perform an ARP spoofing attack, intercept requests to the Probe server, and gain access to potentially sensitive information.


Remediation

Install updates from the vendor's website.
