TROYANOSYVIRUS
Retour aux CVEs

CVE-2024-3273

HIGHCISA KEV
7.3

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Details CVE

Score CVSS v3.17.3
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/4/2024
Derniere modification10/30/2025
Sourcekev
Observations honeypot0

CISA KEV

FournisseurD-Link
ProduitMultiple NAS Devices
Nom vulnerabiliteD-Link Multiple NAS Devices Command Injection Vulnerability
Date ajout KEV2024-04-11
Date limite remediation2024-05-02
Utilise dans ransomwareUnknown

Produits affectes

dlink:dnr-202ldlink:dnr-202l_firmwaredlink:dnr-322ldlink:dnr-322l_firmwaredlink:dnr-326dlink:dnr-326_firmwaredlink:dns-1100-4dlink:dns-1100-4_firmwaredlink:dns-120dlink:dns-1200-05dlink:dns-1200-05_firmwaredlink:dns-120_firmwaredlink:dns-1550-04dlink:dns-1550-04_firmwaredlink:dns-315ldlink:dns-315l_firmwaredlink:dns-320dlink:dns-320_firmwaredlink:dns-320ldlink:dns-320l_firmwaredlink:dns-320lwdlink:dns-320lw_firmwaredlink:dns-321dlink:dns-321_firmwaredlink:dns-323dlink:dns-323_firmwaredlink:dns-325dlink:dns-325_firmwaredlink:dns-326dlink:dns-326_firmwaredlink:dns-327ldlink:dns-327l_firmwaredlink:dns-340ldlink:dns-340l_firmwaredlink:dns-343dlink:dns-343_firmwaredlink:dns-345dlink:dns-345_firmwaredlink:dns-726-4dlink:dns-726-4_firmware

Faiblesses (CWE)

CWE-77

References

https://github.com/netsecfish/dlink(cna@vuldb.com)
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383(cna@vuldb.com)
https://vuldb.com/?ctiid.259284(cna@vuldb.com)
https://vuldb.com/?id.259284(cna@vuldb.com)
https://vuldb.com/?submit.304661(cna@vuldb.com)
https://github.com/netsecfish/dlink(af854a3a-2127-422b-91ae-364da2661108)
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383(af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?ctiid.259284(af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.259284(af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?submit.304661(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3273(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.greynoise.io/blog/cve-2024-3273-d-link-nas-rce-exploited-in-the-wild(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.