/CVE-2024-3273-EXPLOIT

A PoC exploit for CVE-2024-3273 - D-Link Remote Code Execution RCE

Primary LanguagePython

CVE-2024-3273 - D-Link Remote Code Execution (RCE) 💥

A critical vulnerability, classified as CVE-2024-3273, was discovered in several D-Link NAS devices, including DNS-320L, DNS-325, DNS-327L, and DNS-340L, up to the date of 20240403. This vulnerability affects an unknown function of the file /cgi-bin/nas_sharing.cgi in the component HTTP GET Request Handler. It allows for command injection through manipulation of the system argument, posing a significant security risk. The exploit can be initiated remotely, making it particularly dangerous.

Affected Devices ⚠️

The following D-Link NAS devices are affected:

  • DNS-320L
  • DNS-325
  • DNS-327L
  • DNS-340L

Vulnerability Details ℹ️

  • Component: HTTP GET Request Handler
  • File: /cgi-bin/nas_sharing.cgi
  • Vulnerability Type: Command Injection
  • Remote Exploit: Yes
  • Vulnerability Identifier: VDB-259284

Disclaimer ⚠️

I am not responsible for any misuse of this Proof of Concept (PoC) exploit. It is your responsibility to use this tool in a legal and ethical manner.