A critical vulnerability, classified as CVE-2024-3273, has been discovered in D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices up to version 20240403. These devices are no longer supported by the maintainer, and therefore, this vulnerability will not receive any patches or updates. The vendor has been contacted and confirmed that the affected products should be retired and replaced.
Exploit Details
The vulnerability is found in an unknown function of the file /cgi-bin/nas_sharing.cgi, which is a part of the HTTP GET Request Handler component. The manipulation of the argument "system" can lead to command injection. This vulnerability can be exploited remotely, and the details of the exploit have been disclosed to the public.
The identifier for this vulnerability is VDB-259284.
The following code snippet demonstrates the vulnerability
http://[target]/cgi-bin/nas_sharing.cgi?operation=4&path=/tmp&system=[command]
Replace [target] with the target device's IP address and [command] with the command to be injected.
How to Exploit
To exploit this vulnerability, an attacker needs to craft a malicious HTTP GET request containing the injected command. This can be done using tools like curl or wget.
Here is an example of an exploit using curl
curl "http://[target]/cgi-bin/nas_sharing.cgi?operation=4&path=/tmp&system=[command]"
Replace [target] with the target device's IP address and [command] with the command to be injected.
Impact
An attacker exploiting this vulnerability can execute arbitrary commands on the affected device, potentially gaining unauthorized access and control over the device, its data, and connected systems.
Recommendation
As the affected devices are no longer supported, vulnerable devices should be retired and replaced with updated and supported products. Make sure to update your network devices regularly, and install available security patches to protect against potential vulnerabilities.
Original References
1. "VDB-259284." VulDB. https://www.vuldb.com/?id.259284
2. "CVE-2024-3273." NIST National Vulnerability Database (NVD). https://nvd.nist.gov/vuln/detail/CVE-2024-3273
Conclusion
The critical vulnerability CVE-2024-3273 found in unsupported D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices presents a significant security risk. Users of these devices are encouraged to retire and replace them to protect their networks from potential attacks exploiting this vulnerability.
Timeline
Published on: 04/04/2024 01:15:50 UTC
Last modified on: 04/15/2024 20:13:57 UTC