Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-3273

Disclosure Date: April 04, 2024 •

CVE-2024-3273 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by inokii and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

dlink

Products

dnr-202l firmware -,
dnr-322l firmware -,
dnr-326 firmware -,
dns-1100-4 firmware -,
dns-120 firmware -,
dns-1200-05 firmware -,
dns-1550-04 firmware -,
dns-315l firmware -,
dns-320 firmware -,
dns-320l firmware -,
dns-320lw firmware -,
dns-321 firmware -,
dns-323 firmware -,
dns-325 firmware -,
dns-326 firmware -,
dns-327l firmware -,
dns-340l firmware -,
dns-343 firmware -,
dns-345 firmware -,
dns-726-4 firmware -

Exploited in the Wild

Reported by:

inokii indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/04/11/cisa-adds-two-known-exploited-vulnerabilities-catalog)

Reported: April 11, 2024 8:30pm UTC (7 months ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/04/11/cisa-adds-two-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:26am UTC (2 weeks ago)

References

Canonical

CVE-2024-3273 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3273)

Exploit

PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

CVE-2024-3273 (https://github.com/Chocapikk/CVE-2024-3273) (Added by AKB Worker)

CVE-2024-3273 (https://github.com/adhikara13/CVE-2024-3273) (Added by AKB Worker)