KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

7.3

CVSS
High

CVE-2024-3273

PUBLISHED

D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection

Exploited in the wild PoC available Remote Low complexity No user interaction

Vendor: D-Link
Product: DNS-320L, DNS-325, DNS-327L, DNS-340L
Published: Apr 04, 2024
EPSS: —

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. Es wurde eine Schwachstelle in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L bis 20240403 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/nas_sharing.cgi der Komponente HTTP GET Request Handler. Durch die Manipulation des Arguments system mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

cisa nuclei_scanner

CVSS scores

CVSS v3.1 7.3 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v3.0 7.3 High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2024-04-11 00:00:00 UTC · Source

Proof of concept available

Recorded 2024-04-09 12:26:37 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Apr 11, 2024

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3273.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

ThatNotEasy/CVE-2024-3273

github · Created 2024-04-10 00:27:02 UTC · 5 stars

D-Link NAS Command Execution Exploit

K3ysTr0K3R/CVE-2024-3273-EXPLOIT

github · Created 2024-04-09 12:26:37 UTC · 3 stars

A PoC exploit for CVE-2024-3273 - D-Link Remote Code Execution RCE

adhikara13/CVE-2024-3273

github · Created 2024-04-07 15:36:18 UTC · 13 stars

Exploit for CVE-2024-3273, supports single and multiple hosts

Chocapikk/CVE-2024-3273

github · Created 2024-04-07 03:09:13 UTC · 95 stars

D-Link NAS CVE-2024-3273 Exploit Tool

Timeline

CVE ID Reserved

April 03, 2024
CVE Published to Public

April 04, 2024
Proof of Concept Exploit Available

April 09, 2024
Added to KEVIntel

April 11, 2024
Detected by Nuclei

April 25, 2025