CVE-2024-3273
Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Severity: CRITICAL
CVE ID: CVE-2024-3273
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVE ID: CVE-2024-3273
CVSS Score: 7.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Proof Of Concept
Nuclei Templates for CVE-2024-3273
Refrence: Project Discovery GitHub
Chocapikk
D-Link NAS CVE-2024-3273 Exploit Tool
Refrence: GitHub
adhikara13
Exploit for CVE-2024-3273, supports single and multiple hosts
Refrence: GitHub
yarienkiva
Quick and dirty honeypot for CVE-2024-3273
Refrence: GitHub
K3ysTr0K3R
A PoC exploit for CVE-2024-3273 - D-Link Remote Code Execution RCE
Refrence: GitHub
ThatNotEasy
D-Link NAS Command Execution Exploit
Refrence: GitHub
LeopoldSkell
Refrence: GitHub
mrrobot0o
Refrence: GitHub
Content on GitHub
nickswink | watchers:1
D-Link-NAS-Devices-Unauthenticated-RCE
UNTESTED exploit script for CVE-2024-3272 + CVE-2024-3273. The script exploits a backdoor authentication bypass + arbitrary command injection vulnerability.
Refrence: GitHub