CVE-2024-3273 PoC — D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection

Source

https://github.com/Chocapikk/CVE-2024-3273

Associated Vulnerability

Title:D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection (CVE-2024-3273)
Description:** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Description

D-Link NAS CVE-2024-3273 Exploit Tool

Readme

# 🛠️ CVE-2024-3273 Exploit Tool

## 🌟 Introduction

This script is a powerful exploitation tool for the CVE-2024-3273 vulnerability found in specific versions of D-Link NAS devices. It enables command execution and unauthorized access to the affected devices.

## ⚙️ Installation

To set up the exploitation tool, follow these steps:

1. **Clone the repository**:

```bash
git clone https://github.com/Chocapikk/CVE-2024-3273.git
```

2. **Navigate to the tool's directory**:

```bash
cd CVE-2024-3273
```

3. **Install the required Python packages**:

```bash
pip install -r requirements.txt
```

## 🚀 Usage

To use the tool, run the script from the command line as follows:

```bash
python exploit.py [options]
```

### Options

- **-u, --url**:
  Specify the target URL or IP address.

- **-f, --file**:
  Specify a file containing a list of URLs to scan.

- **-t, --threads**:
  Set the number of threads for concurrent scanning.

- **-o, --output**:
  Define an output file to save the scan results.

When a single URL is provided with the `-u` option and the target is vulnerable, the script will attempt to open an interactive shell.

### Example

```bash
$ python3 exploit.py -u http://127.0.0.1
[+] Command executed successfully.
[!] http://127.0.0.1 is vulnerable to CVE-2024-3273: uid=0(root) gid=0(root)
[+] Opening interactive shell...
$ id
[+] Command executed successfully.
uid=0(root) gid=0(root)
```

## 📊 Mass Scanning

For mass scanning, use the `-f` option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.

```bash
python exploit.py -f urls.txt
```

## 🗒️ Affected Versions

The vulnerability affects the following versions of D-Link NAS devices:

- DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013
- DNS-325 Version 1.01
- DNS-327L Version 1.09, Version 1.00.0409.2013
- DNS-340L Version 1.08

These systems are considered to be end-of-life (EOL), meaning they are no longer supported or receiving updates from the manufacturer. It is strongly recommended that these systems are no longer used.

## 🛡️ Disclaimer

Use this tool responsibly and ethically. Always obtain proper authorization before testing any system for vulnerabilities.

## 👏 Acknowledgments

Special thanks to the researcher [@netsecfish](https://github.com/netsecfish) for their work in identifying this vulnerability.

File Snapshot


 [4.0K]  /data/pocs/4857c57ecf7ab97b7377b517ead1d3d37ed5560a
├── [5.5K]  exploit.py
├── [2.4K]  README.md
└── [  75]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!