** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Vulnerable Product |
---|
dlink dns-320l_firmware - |
dlink dns-120_firmware - |
dlink dnr-202l_firmware - |
dlink dns-315l_firmware - |
dlink dns-320_firmware - |
dlink dns-320lw_firmware - |
dlink dns-321_firmware - |
dlink dnr-322l_firmware - |
dlink dns-323_firmware - |
dlink dns-325_firmware - |
dlink dns-326_firmware - |
dlink dns-327l_firmware - |
dlink dnr-326_firmware - |
dlink dns-340l_firmware - |
dlink dns-343_firmware - |
dlink dns-345_firmware - |
dlink dns-726-4_firmware - |
dlink dns-1100-4_firmware - |
dlink dns-1200-05_firmware - |
dlink dns-1550-04_firmware - |

Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
By Sergiu Gatlan, April 8, 2024 06:17 PM
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw. As BleepingComputer first reported on Saturday, this security vulnerability (CVE-2024-3273) is the result of a backdoor facilitated through a hardcoded account (usernam...

Over 92,000 exposed D-Link NAS devices have a backdoor account
By Bill Toulas, April 6, 2024 10:16 AM
A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. The researcher who discovered the flaw, 'Netsecfish,' explains that the issue resides within the '/cgi-bin/nas_sharing.cgi' script, impacting its HTTP GET Request Handler component. The two main issues contributing ...