D-View 8: TrendMicro (ZDI) Reported Multiple Vulnerabilities

May 17, 2023



On December 28, 2022, third-party security research from TrendMicro ZDI reported multiple vulnerabilities in the D-Link D-View 8.0 Network Device Management platform. The research was done on a demo version of the software; the corrected and qualified version is the first release version from D-Link Corporation.



As soon as D-Link was made aware of the reported security issues, we promptly started our investigation and began developing security patches.


D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.


Report information

- Reported by TrendMicro ZDI
  - ZDI-CAN-19496: D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability
  - ZDI-CAN-19497: D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability
  - ZDI-CAN-19527: D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability
  - ZDI-CAN-19529: D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability
  - ZDI-CAN-19534: D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability
  - ZDI-CAN-19659: D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability


Affected Models


Model Software Version
Fixed Release
Recommendation Last Updated
D-View 8
v2.0.1.27 and below

You must update via the application (downloadable from https://dview.dlink.com/), or contact your regional technical support for license verification.



Regarding Security patch for your D-Link Devices and Software
Firmware and software updates address the security vulnerabilities in affected D-Link devices and software. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.