← voltar
CVE-2024-3273

D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection

CVSS 7.3 HIGHEPSS 100.0%● KEVCWE-77
Em resumo

Dispositivos D-Link NAS possuem uma falha que permite aos atacantes executar comandos remotamente através da interface web, enviando requisições HTTP especialmente preparadas. Isso afeta modelos descontinuados e pode dar ao atacante controle total do dispositivo.

Detalhe técnico

Existe uma vulnerabilidade de injeção de comando no endpoint /cgi-bin/nas_sharing.cgi onde o parâmetro 'system' em requisições HTTP GET não é devidamente sanitizado, permitindo execução remota de código sem autenticação. A falha afeta modelos D-Link DNS-320L, DNS-325, DNS-327L e DNS-340L até a versão de firmware 20240403; a exploração requer acesso de rede à interface web do dispositivo.

Resumo gerado e traduzido por IA a partir da descrição oficial.
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
D-Link · DNS-320LD-Link · DNS-325D-Link · DNS-327LD-Link · DNS-340L
PoCs públicas encontradas11
githubgithub.com/Chocapikk/CVE-2024-3273101githubgithub.com/adhikara13/CVE-2024-327313githubgithub.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT5githubgithub.com/Ap0dexMe0/CVE-2024-32735githubgithub.com/OIivr/Turvan6rkus-CVE-2024-32730githubgithub.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE0githubgithub.com/askhatov21/Best-Practices-Cybersecurity-Otanata-Project0githubgithub.com/yarienkiva/honeypot-dlink-CVE-2024-32730githubgithub.com/LeopoldSkell/CVE-2024-32730githubgithub.com/mrrobot0o/CVE-2024-3273-0cve_referencegithub.com/netsecfish/dlinknão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/netsecfish/dlinkhttps://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383https://vuldb.com/?ctiid.259284https://vuldb.com/?id.259284https://vuldb.com/?submit.304661https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3273https://www.greynoise.io/blog/cve-2024-3273-d-link-nas-rce-exploited-in-the-wild