Vulnerability Description
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | D-View 8 | <= 2.0.1.107 |
Related Weaknesses (CWE)
References
- https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471PatchVendor Advisory
- https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-Third Party Advisory
FAQ
What is CVE-2026-23755?
CVE-2026-23755 is a vulnerability with a CVSS score of 7.3 (HIGH). D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version....
How severe is CVE-2026-23755?
CVE-2026-23755 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23755?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink D-View 8.