Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVulDBCVELIST:CVE-2024-3272
HistoryApr 04, 2024 - 1:00 a.m.

CVE-2024-3272 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

2024-04-0401:00:05
CWE-798
VulDB
www.cve.org
1
cve-2024-3272
d-link
dns-320l
dns-325
dns-327l
dns-340l
http get request
nas_sharing.cgi
remote attack
end-of-life

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.8%

JSON

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CNA Affected

[
  {
    "vendor": "D-Link",
    "product": "DNS-320L",
    "versions": [
      {
        "version": "20240403",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-325",
    "versions": [
      {
        "version": "20240403",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-327L",
    "versions": [
      {
        "version": "20240403",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-340L",
    "versions": [
      {
        "version": "20240403",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  }
]

Related

cisa_kev 2
cve 1
attackerkb 1
nvd 1
thn 1
openvas 1
cisa_kev
cisa_kev
D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
2024-04-11 00:00:00
D-Link Multiple NAS Devices Command Injection Vulnerability
2024-04-11 00:00:00
cve
cve
CVE-2024-3272
2024-04-04 01:15:50
attackerkb
attackerkb
CVE-2024-3272
2024-04-04 00:00:00
nvd
nvd
CVE-2024-3272
2024-04-04 01:15:50
thn
thn
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
2024-04-09 05:46:00
openvas
openvas
D-Link DNS/DNR Devices Multiple Vulnerabilities (SAP10383) - Active Check
2024-04-09 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.8%

JSON
Related for CVELIST:CVE-2024-3272
cisa_kev2cve1attackerkb1nvd1thn1openvas1