D-Link D-View 8 Unauthenticated Probe-Core Server Communication

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service.
An unauthenticated remote attacker can register a host of his/her choice as a Probe server by sending a 'probe-online' task to the Core server.
The attacker can create many bogus, attacker-controlled Probe servers on the Core server, polluting the D-View 8 web UI and the underlying MongoDB collection DView8 Probe.
If an attacker-controlled Probe server is used by D-View 8 users, bogus device information can be sent to and stored on the Core server.
A 'probe-online' task is sent by a Probe server to the Core server periodically to indicate its online status.
The attacker can fetch tasks destinated to existing, legitimate Probe servers.
D-View 8 tasks are stored in the DView8 Task MongoDB collection.
A Probe server periodically fetches a task destinated to it with matching criteria like probeId, taskStatus and time.
If the attacker knows the probeId of a legitimate Probe server, s/he can fetch a task for the legitimate Probe before it does by fetching more frequently.
It does so by sending a 'request task' task to the Core server with the probeId of the legitimate Probe server in it.
The probeId used in D-View 8 is in the form of probe- if the Probe server is on a different host than the Core server.
If the Probe server and the Core server are on the same host, the probeId is in the form of LocalProbe-.
An attacker on the same LAN as a legitimate Probe server can determine its probeId as the attacker can learn about the Probe server's MAC address via ARP. D-View 8 tasks can contain sensitive information such as login credentials.
This task is initiated when a user logged into the D-View 8 Web server performs a manual network discovery or when a schedule to perform network discovery is run.
The task is sent to a Probe server asking it to scan for network devices so that they can be managed by D-View 8.
This task is initiated when a user logged into the D-View 8 Web server tries to connect to a discovered device.
If the attacker fetches a task before the legitimate Probe server does, the task is not performed by the legitimate Probe server because the taskStatus has been updated after the fetch, resulting in a denial-of-service.
Fetch tasks for an existing, legitimate Probe server // // User may need to initiate the 'tool-cli' and/or 'add-discovery' // task multiple times for the PoC to see those tasks as it competes // with a legitimate Probe server.
The probeId should be probe- where is the // MAC address of the Probe server set up above.
i.e., probe-11-22-33-44-55-66 python3 dview8 probe server.


This Cyber News was published on www.tenable.com. Publication date: Thu, 28 Dec 2023 15:40:06 +0000


Cyber News related to D-Link D-View 8 Unauthenticated Probe-Core Server Communication

D-Link D-View 8 Unauthenticated Probe-Core Server Communication - A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. An unauthenticated remote attacker can register a host of his/her choice as a Probe server by sending ...
10 months ago Tenable.com
CVE-2023-52784 - In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. ...
6 months ago Tenable.com
CVE-2011-4543 - Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) ...
6 years ago
Changing How Healthcare Works: Big News in Communication - In a pivotal transformation within the healthcare industry, a prominent shift is currently unfolding. Direct Secure Messaging has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and ...
9 months ago Cysecurity.news
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2009-0444 - Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) ...
7 years ago
CVE-2022-48719 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2023-52578 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2023-52765 - In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has ...
6 months ago Tenable.com
EU Targets Musk's X Over Misinformation In First DSA Probe - EU launches formal investigation into X, formerly Twitter, over alleged levels of misinformation on platform in first probe under DSA. The European Commission has launched its first investigation under new digital content rules with a probe into a ...
11 months ago Silicon.co.uk
CVE-2024-38565 - In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for ...
5 months ago Tenable.com
CVE-2021-47078 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
D-Link confirms data breach after employee phishing attack - Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. The attacker claims to have stolen source code for D-Link's D-View ...
11 months ago Bleepingcomputer.com
Encrypting Data Using Asymmetric Encryption - Asymmetric encryption, commonly known as public-key encryption, is an important technique for safeguarding data transport and storage. Asymmetric encryption's multi-step process involving key generation, encryption, transmission, decryption, and key ...
10 months ago Feeds.dzone.com
CVE-2024-26909 - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically ...
7 months ago Tenable.com
CVE-2023-49839 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme ...
7 months ago
CVE-2021-0286 - A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or ...
3 years ago
China Launches Probe into Geographic Data Security - China has started a security investigation into the export of geolocation data, a development that highlights the nation's rising concerns about data security. The probe, which was made public on December 11, 2023, represents a major advancement in ...
11 months ago Cysecurity.news
CVE-2022-49021 - In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: ...
4 weeks ago Tenable.com
CVE-2023-52528 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2021-47103 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-26857 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
CVE-2021-47146 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
CVE-2024-38538 - In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN ...
5 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)