Cyber Resilience

CVE-2026-23754

HighPublic PoC

Published: 21 January 2026

Published
21 January 2026
Modified
30 January 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0032 23.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-23754 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Dlink D-View 8. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 23.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-23754 is an improper access control vulnerability (CWE-639) affecting D-Link D-View 8 versions 2.0.1.107 and below. The issue resides in backend API endpoints, where any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. Published on 2026-01-21, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts across confidentiality, integrity, and availability.

The vulnerability can be exploited by any low-privileged authenticated user remotely. By manipulating the user_id parameter, the attacker extracts reusable credential material, enabling direct impersonation of the targeted account. This leads to complete account takeover, granting full administrative control over the D-View system.

Mitigation details are available in vendor and third-party advisories, including the D-Link security announcement at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471 and the Vulncheck advisory at https://www.vulncheck.com/advisories/dlink-dview-8-idor-allows-credential-disclosure-and-account-takeover.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed…

more

credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1078 Valid Accounts Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

IDOR in authenticated backend API directly enables credential extraction (T1212) leading to account impersonation/takeover via valid accounts (T1078).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23755Same product: Dlink D-View 8
CVE-2026-42373Same vendor: Dlink
CVE-2026-42374Same vendor: Dlink
CVE-2018-25115Same vendor: Dlink
CVE-2026-4209Same vendor: Dlink
CVE-2026-8346Same vendor: Dlink
CVE-2026-1596Same vendor: Dlink
CVE-2025-9752Same vendor: Dlink
CVE-2026-2152Same vendor: Dlink
CVE-2026-5984Same vendor: Dlink

Affected Assets

dlink
d-view 8
≤ 2.0.1.107

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations on backend API endpoints to prevent authenticated users from supplying arbitrary user_id values to retrieve other users' sensitive credential data.

prevent

Implements least privilege to restrict low-privileged authenticated users from accessing credential data of super administrators or other accounts.

prevent

Manages and protects authenticators to prevent unauthorized disclosure and direct reuse of exposed credential material for account impersonation.

References