D-Link D-View 8 Unauthenticated Probe-Core Server Communication

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service.
An unauthenticated remote attacker can register a host of his/her choice as a Probe server by sending a 'probe-online' task to the Core server.
The attacker can create many bogus, attacker-controlled Probe servers on the Core server, polluting the D-View 8 web UI and the underlying MongoDB collection DView8 Probe.
If an attacker-controlled Probe server is used by D-View 8 users, bogus device information can be sent to and stored on the Core server.
A 'probe-online' task is sent by a Probe server to the Core server periodically to indicate its online status.
The attacker can also fetch tasks destined for existing, legitimate Probe servers.
D-View 8 tasks are stored in the DView8 Task MongoDB collection.
A Probe server periodically fetches a task destined for it, matched on criteria such as probeId, taskStatus and time.
If the attacker knows the probeId of a legitimate Probe server, s/he can fetch a task for the legitimate Probe before it does by fetching more frequently.
It does so by sending a 'request task' task to the Core server with the probeId of the legitimate Probe server in it.
The probeId used in D-View 8 is in the form of probe- if the Probe server is on a different host than the Core server.
If the Probe server and the Core server are on the same host, the probeId is in the form of LocalProbe-.
An attacker on the same LAN as a legitimate Probe server can determine its probeId as the attacker can learn about the Probe server's MAC address via ARP.
D-View 8 tasks can contain sensitive information such as login credentials.
This task is initiated when a user logged into the D-View 8 Web server performs a manual network discovery or when a schedule to perform network discovery is run.
The task is sent to a Probe server asking it to scan for network devices so that they can be managed by D-View 8.
This task is initiated when a user logged into the D-View 8 Web server tries to connect to a discovered device.
If the attacker fetches a task before the legitimate Probe server does, the task is not performed by the legitimate Probe server because the taskStatus has been updated after the fetch, resulting in a denial-of-service.
Fetch tasks for an existing, legitimate Probe server.
User may need to initiate the 'tool-cli' and/or 'add-discovery' task multiple times for the PoC to see those tasks as it competes with a legitimate Probe server.
The probeId should be probe- where is the MAC address of the Probe server set up above, i.e., probe-11-22-33-44-55-66
python3 dview8 probe server.
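
A defender-side check for the behaviours described above, added here as an example and not taken from the advisory or from D-Link: it scans Core-side request records for 'probe-online' registrations outside an approved inventory, bursts of new probeIds from one source, and a known probeId presented by a different host. The pipe-separated record format, the inventory, the threshold and all addresses are constructed assumptions; only the task names and the probe-11-22-33-44-55-66 form come from the page.

```python
from collections import defaultdict

# Constructed sample records (hypothetical format, not D-View 8's real logging):
# "<epoch-seconds>|<source-ip>|<task-type>|<probeId>"
SAMPLE_LOG = """\
1000|10.0.0.20|probe-online|probe-11-22-33-44-55-66
1005|10.0.0.20|request task|probe-11-22-33-44-55-66
1006|10.0.0.99|request task|probe-11-22-33-44-55-66
1007|10.0.0.99|request task|probe-11-22-33-44-55-66
1010|10.0.0.99|probe-online|probe-AA-00-00-00-00-01
1011|10.0.0.99|probe-online|probe-AA-00-00-00-00-02
1012|10.0.0.99|probe-online|probe-AA-00-00-00-00-03
"""

# Assumption: the operator keeps an inventory of deployed Probe servers
# (probeId -> the address that Probe is expected to connect from).
APPROVED = {"probe-11-22-33-44-55-66": "10.0.0.20"}
MAX_NEW_PROBES_PER_SOURCE = 2  # assumed threshold for a registration flood


def analyze(log, approved=APPROVED):
    """Return sorted (first_seen, kind, source, probeId) findings."""
    first_seen = {}               # (kind, source, probeId) -> first timestamp
    new_ids = defaultdict(set)    # source -> unapproved probeIds it announced
    for line in log.splitlines():
        ts, src, task, probe_id = line.split("|")
        expected = approved.get(probe_id)
        if expected is None and task == "probe-online":
            # Registration of a Probe that is not in the inventory.
            first_seen.setdefault(("unapproved-probe", src, probe_id), int(ts))
            new_ids[src].add(probe_id)
            if len(new_ids[src]) > MAX_NEW_PROBES_PER_SOURCE:
                first_seen.setdefault(("registration-flood", src, ""), int(ts))
        elif expected is not None and src != expected:
            # A legitimate probeId used from another host: the competing
            # task-fetch case that leaks tasks and starves the real Probe.
            first_seen.setdefault(
                ("probeid-from-unexpected-host", src, probe_id), int(ts))
    return sorted((ts, *key) for key, ts in first_seen.items())


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```
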


This Cyber News was published on www.tenable.com. Publication date: Thu, 28 Dec 2023 15:40:06 +0000

