4 results (0.005 seconds)

CVSS: 9.8EPSS: 92%CPEs: 40EXPL: 9

A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Chocapikk/CVE-2024-3273 https://github.com/adhikara13/CVE-2024-3273 https://github.com/ThatNotEasy/CVE-2024-3273 https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT https://github.com/mrrobot0o/CVE-2024-3273- https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273 https://github.com/OIivr/Turvan6rkus-CVE-2024-3273 https://github.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE https://github.com/netsecfish/dlink https://supportannouncement.us • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 7%CPEs: 40EXPL: 2

A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE https://github.com/netsecfish/dlink https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 https://vuldb.com/?ctiid.259283 https://vuldb.com/?id.259283 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.8EPSS: 97%CPEs: 2EXPL: 1

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. D-Link DNS-320 FW versión v2.06B01 Revisión Ax, está afectado por una inyección de comandos en el componente system_mgr.cgi, que puede conllevar a una ejecución de código arbitraria remota D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution. • https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10183 https://www.dlink.com/en/security-bulletin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 1

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. El archivo script login_mgr.cgi en D-Link DNS-320 versiones hasta 2.05.B10, es vulnerable a la inyección de comandos remota. The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. • https://blog.cystack.net/d-link-dns-320-rce https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •