CVE-2026-23755

low-risk

Published 2026-01-21

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.3/10 High

LOCAL / LOW complexity

Affected Products (1)

D-View 8

Affected Vendors

Dlink

References (2)

Vendor Advisory https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471

Third Party Advisory https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-...

/ 100

low-risk

Severity 23/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal