CVE-2024-3273

Published: 04/04/2024 Updated: 15/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Vulnerable Product

dlink dns-320l_firmware -

dlink dns-120_firmware -

dlink dnr-202l_firmware -

dlink dns-315l_firmware -

dlink dns-320_firmware -

dlink dns-320lw_firmware -

dlink dns-321_firmware -

dlink dnr-322l_firmware -

dlink dns-323_firmware -

dlink dns-325_firmware -

dlink dns-326_firmware -

dlink dns-327l_firmware -

dlink dnr-326_firmware -

dlink dns-340l_firmware -

dlink dns-343_firmware -

dlink dns-345_firmware -

dlink dns-726-4_firmware -

dlink dns-1100-4_firmware -

dlink dns-1200-05_firmware -

dlink dns-1550-04_firmware -

Vendor Advisories

Check Point Reference: CPAI-2024-0179 Date Published: 10 Apr 2024 Severity: High ...

Github Repositories

D-Link NAS Command Execution Exploit

This Python script exploits a vulnerability (CVE-2024-3273) in D-Link NAS devices, allowing arbitrary command execution. It leverages the vulnerability to execute commands remotely on the affected devices. Features: Executes arbitrary commands on D-Link NAS devices. Supports both single host and multiple hosts from a file. Concurrent executi

Exploit for CVE-2024-3273, supports single and multiple hosts

CVE-2024-3273 - D-Link Remote Code Execution (RCE)

dlink-honeypot: Quick and dirty honeypot for CVE-2024-3273

Recent Articles

Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
BleepingComputer • Sergiu Gatlan • 08 Apr 2024

Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw. As BleepingComputer first reported on Saturday, this security vulnerability (CVE-2024-3273) is the result of a backdoor facilitated through a hardcoded account (usernam...

Over 92,000 exposed D-Link NAS devices have a backdoor account
BleepingComputer • Bill Toulas • 06 Apr 2024

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. The researcher who discovered the flaw, 'Netsecfish,' explains that the issue resides within the '/cgi-bin/nas_sharing.cgi' script, impacting its HTTP GET Request Handler component. The two main issues contributing ...