← Back to CVEs
CVE-2026-23755
HIGH7.3
Description
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.
CVE Details
CVSS v3.1 Score7.3
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
Published1/21/2026
Last Modified1/30/2026
Sourcenvd
Honeypot Sightings0
Affected Products
dlink:d-view_8
Weaknesses (CWE)
CWE-427
References
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontrolled-search-path(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.