CVE-2024-3273
D-Link Multiple NAS Devices Command Injection Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
8Exploited in Wild
YesDecision
Descriptions
A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Se ha encontrado una vulnerabilidad clasificada como crítica en D-Link DNS-320L, DNS-325, DNS-327L y DNS-340L hasta 20240403. Una función desconocida del archivo / cgi-bin/nas_sharing.cgi del componente HTTP GET Request Handler. La manipulación del SYSTEM de argumentos conduce a la inyección de comandos. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-259284. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contactó primeramente con el proveedor y se confirmó de inmediato que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.
Es wurde eine Schwachstelle in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L bis 20240403 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/nas_sharing.cgi der Komponente HTTP GET Request Handler. Durch die Manipulation des Arguments system mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2024-04-03 CVE Reserved
- 2024-04-04 CVE Published
- 2024-04-07 First Exploit
- 2024-04-11 Exploited in Wild
- 2024-05-02 KEV Due Date
- 2024-08-01 CVE Updated
- 2024-09-15 EPSS Updated
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.259284 | Technical Description | |
| https://vuldb.com/?submit.304661 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Chocapikk/CVE-2024-3273 | 2024-04-07 | |
| https://github.com/adhikara13/CVE-2024-3273 | 2024-04-07 | |
| https://github.com/ThatNotEasy/CVE-2024-3273 | 2024-04-10 | |
| https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT | 2024-04-09 | |
| https://github.com/mrrobot0o/CVE-2024-3273- | 2024-04-23 | |
| https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273 | 2024-04-16 | |
| https://github.com/OIivr/Turvan6rkus-CVE-2024-3273 | 2024-05-25 | |
| https://github.com/netsecfish/dlink | 2024-08-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 | 2024-06-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dlink Search vendor "Dlink" | Dns-320l Firmware Search vendor "Dlink" for product "Dns-320l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-320l Search vendor "Dlink" for product "Dns-320l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-120 Firmware Search vendor "Dlink" for product "Dns-120 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-120 Search vendor "Dlink" for product "Dns-120" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dnr-202l Firmware Search vendor "Dlink" for product "Dnr-202l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dnr-202l Search vendor "Dlink" for product "Dnr-202l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-315l Firmware Search vendor "Dlink" for product "Dns-315l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-315l Search vendor "Dlink" for product "Dns-315l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-320 Firmware Search vendor "Dlink" for product "Dns-320 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-320 Search vendor "Dlink" for product "Dns-320" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-320lw Firmware Search vendor "Dlink" for product "Dns-320lw Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-320lw Search vendor "Dlink" for product "Dns-320lw" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-321 Firmware Search vendor "Dlink" for product "Dns-321 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-321 Search vendor "Dlink" for product "Dns-321" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dnr-322l Firmware Search vendor "Dlink" for product "Dnr-322l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dnr-322l Search vendor "Dlink" for product "Dnr-322l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-323 Firmware Search vendor "Dlink" for product "Dns-323 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-323 Search vendor "Dlink" for product "Dns-323" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-325 Firmware Search vendor "Dlink" for product "Dns-325 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-325 Search vendor "Dlink" for product "Dns-325" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-326 Firmware Search vendor "Dlink" for product "Dns-326 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-326 Search vendor "Dlink" for product "Dns-326" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-327l Firmware Search vendor "Dlink" for product "Dns-327l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-327l Search vendor "Dlink" for product "Dns-327l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dnr-326 Firmware Search vendor "Dlink" for product "Dnr-326 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dnr-326 Search vendor "Dlink" for product "Dnr-326" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-340l Firmware Search vendor "Dlink" for product "Dns-340l Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-340l Search vendor "Dlink" for product "Dns-340l" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-343 Firmware Search vendor "Dlink" for product "Dns-343 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-343 Search vendor "Dlink" for product "Dns-343" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-345 Firmware Search vendor "Dlink" for product "Dns-345 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-345 Search vendor "Dlink" for product "Dns-345" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-726-4 Firmware Search vendor "Dlink" for product "Dns-726-4 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-726-4 Search vendor "Dlink" for product "Dns-726-4" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-1100-4 Firmware Search vendor "Dlink" for product "Dns-1100-4 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-1100-4 Search vendor "Dlink" for product "Dns-1100-4" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-1200-05 Firmware Search vendor "Dlink" for product "Dns-1200-05 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-1200-05 Search vendor "Dlink" for product "Dns-1200-05" | - | - |
Safe
|
| Dlink Search vendor "Dlink" | Dns-1550-04 Firmware Search vendor "Dlink" for product "Dns-1550-04 Firmware" | - | - |
Affected
| in | Dlink Search vendor "Dlink" | Dns-1550-04 Search vendor "Dlink" for product "Dns-1550-04" | - | - |
Safe
|