Critical Vulnerability in D-LINK NAS Devices

CVE-2024-3273

Report by Matthew Fagan, Access Point Consulting

A critical vulnerability has been confirmed in select D-Link NAS devices, including DNS-340L, DNS-320L, DNS-327L, and DNS-325. Evidence suggests that other D-Link NAS devices may also be affected. The vulnerability, identified as CVE-2024-3273 (CVSS: 9.8), affects the /cgi-bin/nas_sharing.cgi component of the HTTP GET Request Handler. By manipulating this component, an attacker can perform remote command injection to obtain hardcoded credentials. A publicly disclosed exploit developed by NetSecFish has confirmed the presence of this vulnerability. Network scans indicate that over 92,000 devices are affected.
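A defender-side check for the component named above, as an added example that is not part of the original report or any vendor tooling: it scans web access logs for requests that resolve to /cgi-bin/nas_sharing.cgi, including percent-encoded or padded forms of the path, and counts them per source address. The common log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

TARGET = "/cgi-bin/nas_sharing.cgi"  # component named in the advisory

# Assumed common/combined log format: ip - - [ts] "METHOD target HTTP/x" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize_path(target):
    """Reduce a request target to a canonical lower-case path."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query and fragment
    for _ in range(2):                    # decode twice to catch double encoding
        path = unquote(path)
    path = re.sub(r"/+", "/", path.replace("\\", "/"))  # collapse repeated slashes
    path = posixpath.normpath(path)       # resolve "." and ".." segments
    return path.lower()                   # assumption: match case-insensitively

def find_hits(lines):
    """Return one record per log line whose path resolves to TARGET."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that are not in the assumed format
        ip, ts, method, target, status = m.groups()
        if normalize_path(target) == TARGET:
            hits.append({"ip": ip, "time": ts, "method": method,
                         "target": target, "status": int(status)})
    return hits

def hits_by_source(hits):
    """Count matching requests per source address for triage."""
    return Counter(h["ip"] for h in hits)

# Constructed sample log lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/nas_sharing.cgi?x=1 HTTP/1.1" 200 87',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/./nas%5Fsharing.cgi HTTP/1.1" 200 87',
    '198.51.100.23 - - [01/Jan/2024:10:02:00 +0000] "GET //CGI-BIN/nas_sharing.cgi HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /cgi-bin/other.cgi HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for ip, count in hits_by_source(find_hits(SAMPLE_LOG)).most_common():
        print(f"{ip}: {count} request(s) to {TARGET}")
```

Any match from an address outside the management network is worth reviewing, since the component is reachable over plain HTTP GET requests.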
