|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-15 | |
| Rule Name: | D-Link NAS Unauthenticated Remote Code Execution Vulnerability (CVE-2024-3273) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://vuldb.com/ https://vuldb.com/ https://vuldb.com/ https://github.com/netsecfish/dlink |
|
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |