CVE-2024-3273
Confirmed PUBLISHEDD-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection
Recommended Action
Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
At a Glance
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. Es wurde eine Schwachstelle in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L bis 20240403 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/nas_sharing.cgi der Komponente HTTP GET Request Handler. Durch die Manipulation des Arguments system mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
- CVE Published
- Apr 04, 2024
- Exploitation Reported
- Apr 11, 2024
- CVSS
- 7.3 High
- EPSS
- 100.0%
Affected Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| dlink |
dns-320l_firmware
|
20240403 |
Affected |
| dlink |
dns-325_firmware
|
20240403 |
Affected |
| dlink |
dns-327l_firmware
|
20240403 |
Affected |
| dlink |
dns-340l_firmware
|
20240403 |
Affected |
| D-Link |
DNS-320L
|
20240403 |
Affected |
| D-Link |
DNS-325
|
20240403 |
Affected |
| D-Link |
DNS-327L
|
20240403 |
Affected |
| D-Link |
DNS-340L
|
20240403 |
Affected |
CVE References
- Submit #304661 | D-LINK DNS-340L, DNS-320L, DNS-327L, DNS-325 Version 1.11, Version 1.00.0409.2013, Version 1.09, Version 1.08, Version 1.03.0904.2013, Version 1.01 Command Injection, Backdoor Account vuldb.com · Third-Party Advisory https://vuldb.com/?submit.304661
- GitHub — netsecfish/dlink github.com · Exploit https://github.com/netsecfish/dlink
- VDB-259284 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection vuldb.com · Technical Description https://vuldb.com/?id.259284
- VDB-259284 | CTI Indicators (IOB, IOC, TTP, IOA) vuldb.com · Signature https://vuldb.com/?ctiid.259284
- Related — supportannouncement.us.dlink.com supportannouncement.us.dlink.com · Related https://supportannouncement.us.dlink.com/security/publication.aspx?na...
Recommended Actions
- Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
- Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
- Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
Per-source evidence links for KEV attestations are available through the KEVIntel Pro API.
Learn about Pro API access| Source | Added |
|---|---|
| CISA First | 2024-04-11 00:00 UTC |
| The Shadowserver | 2026-05-31 00:00 UTC |
Scanner Artifacts
Nuclei and Metasploit references linked to this CVE.
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3273.yaml | Apr 25, 2025 |
Virtual Patch
Compensating WAF rules to help reduce exposure to this CVE. Rule content and deployable vendor exports are available with KEVIntel Enterprise.
KEVIntel does not currently have a virtual patch for this CVE. When available, KEVIntel virtual patches ship as deployable ModSecurity, Cloudflare, and AWS WAF rules.
Enterprise feature. Virtual patch rule content and deployable vendor exports (ModSecurity, Cloudflare, AWS WAF) are available to KEVIntel Enterprise users.
CVSS Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitation Status
Exploited in the wild
Recorded 2024-04-11 00:00:00 UTC · CISA
Proof of concept available
Recorded 2024-04-09 12:26:37 UTC · GitHub
Weaknesses (CWE)
-
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3273.yaml | Apr 25, 2025 |
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-04-10 00:27:02 UTC · 5 stars
D-Link NAS Command Execution Exploit
github · Created 2024-04-09 12:26:37 UTC · 3 stars
A PoC exploit for CVE-2024-3273 - D-Link Remote Code Execution RCE
github · Created 2024-04-07 15:36:18 UTC · 13 stars
Exploit for CVE-2024-3273, supports single and multiple hosts
github · Created 2024-04-07 03:09:13 UTC · 95 stars
D-Link NAS CVE-2024-3273 Exploit Tool
nuclei · Created Unknown
Timeline
Key exploitation, disclosure, scanner coverage, and KEV attestation events for this CVE.
-
00:00 UTC about 2 months ago00:00 UTC · about 2 months ago
KEV confirmed by The Shadowserver
Exploitation attested by an external source
-
00:00 UTC about 1 year ago00:00 UTC · about 1 year ago
Nuclei template available
Scanner coverage available
-
00:00 UTC over 2 years ago00:00 UTC · over 2 years ago
Added to CISA KEV
Listed in the CISA Known Exploited Vulnerabilities catalog
-
12:26 UTC over 2 years ago12:26 UTC · over 2 years ago
Public PoC available
Public proof-of-concept code published
-
01:00 UTC over 2 years ago01:00 UTC · over 2 years ago
CVE published
Vulnerability disclosed publicly
-
18:21 UTC over 2 years ago18:21 UTC · over 2 years ago
CVE ID reserved
Identifier reserved by the CNA
Automate This Intelligence with the Pro API
Confidence scoring, exploit status, sensor telemetry, PoCs, scanner integrations, mentions, and tags are available programmatically for VM, SOC, and CTI workflows.
Pro API Example
GET /api/v2/pro/kevs/CVE-2024-3273
{
"cve_id": "CVE-2024-3273",
"title": "D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi co...",
"affected_vendor": "D-Link",
"affected_product": "DNS-320L, DNS-325, DNS-327L, DNS-340L",
"affected_versions": [
{ "vendor": "...", "product": "...", "status": "affected", "display_label": "..." }
],
"confidence": "Confirmed",
"cvss_score": 7.3,
"epss_score": 0.99997,
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false
},
"sensor_telemetry": { "...": "Pro API fields" },
"proof_of_concepts": [ "..." ],
"scanner_integrations": [ "..." ]
}