プラットフォーム
other
コンポーネント
d-view
修正版
8.0.1
CVE-2023-32165 is a critical Remote Code Execution (RCE) vulnerability discovered in D-Link D-View 8. This flaw allows unauthenticated attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise. The vulnerability impacts version 1.0.2.13 of D-Link D-View 8. A patch is available from D-Link to address this issue.
The impact of CVE-2023-32165 is severe due to the ease of exploitation and the potential for complete system takeover. An attacker can leverage the vulnerability via the TftpReceiveFileHandler to upload and execute malicious code without requiring any authentication. This allows for arbitrary code execution in the SYSTEM context, granting the attacker full control over the affected D-View 8 instance. Successful exploitation could lead to data theft, system modification, denial of service, or the installation of persistent malware. The lack of authentication makes this vulnerability particularly concerning, as it significantly lowers the barrier to entry for attackers.
CVE-2023-32165 was reported to ZDI as ZDI-CAN-19497. Public proof-of-concept (POC) code is likely to emerge given the vulnerability's ease of exploitation and the critical severity. The vulnerability is not currently listed on the CISA KEV catalog, but its severity warrants monitoring. Active exploitation campaigns are possible, particularly targeting organizations using D-Link D-View 8 in exposed or poorly secured environments.
Organizations utilizing D-Link D-View 8 for network management, particularly those with internet-facing deployments or legacy configurations, are at significant risk. Shared hosting environments where multiple users share a D-View 8 instance are also vulnerable, as a compromise of one user could potentially impact others.
• windows / supply-chain:
Get-Process -Name DView | Select-Object -ExpandProperty Path• linux / server:
ps aux | grep DView• generic web:
curl -I http://<dview_ip>/TftpReceiveFileHandlerdisclosure
エクスプロイト状況
EPSS
43.44% (97% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2023-32165 is to upgrade D-Link D-View 8 to a patched version as soon as possible. D-Link has not released a specific fixed version in the provided data. If immediate patching is not feasible, consider temporarily disabling the TFTP server functionality within D-View 8 to reduce the attack surface. Network segmentation and strict firewall rules can also help limit the potential impact by restricting access to the D-View 8 management interface. After upgrading, verify the fix by attempting to trigger the vulnerable TftpReceiveFileHandler functionality and confirming that the request is rejected.
Actualizar D-View a una versión posterior a 1.0.2.13. Consultar el sitio web del proveedor (D-Link) para obtener la última versión y las instrucciones de actualización. Aplicar las medidas de seguridad recomendadas por el proveedor.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2023-32165 is a critical Remote Code Execution vulnerability in D-Link D-View 8, allowing attackers to execute code without authentication.
If you are using D-Link D-View 8 version 1.0.2.13, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
Upgrade D-Link D-View 8 to a patched version. If patching is not immediately possible, disable the TFTP server functionality.
While there is no confirmed active exploitation, the vulnerability's ease of exploitation and critical severity suggest active exploitation is possible.
Refer to the D-Link Security Advisory page for the latest information and updates regarding CVE-2023-32165.