Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2024-3274
HistoryJun 18, 2024 - 5:41 a.m.

D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure

2024-06-1805:41:12
ProjectDiscovery
github.com
1
cve disclosure d-link

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.8%

JSON
A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.

id: CVE-2024-3274

info:
  name: D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
  author: DhiyaneshDk
  severity: medium
  description: |
    A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.
  reference:
    - https://github.com/netsecfish/info_cgi
    - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
    - https://nvd.nist.gov/vuln/detail/CVE-2024-3274
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-3274
    cwe-id: CWE-200
    epss-score: 0.00045
    epss-percentile: 0.15047
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="Text:In order to access the ShareCenter"
  tags: cve,cve2024,dlink,exposure

http:
  - raw:
      - |
        GET /cgi-bin/info.cgi HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Model=", "Build=", "Macaddr=")'
          - 'status_code == 200'
        condition: and
# digest: 490a004630440220637a70951ffd4c3d81671b37a51e678c922a409e791bdbb538ad6cce7bb84fad0220303256e098c2a99c41e54b1518da46ac7d1910401c97102c6afaa5f2490973d9:922c64590222798bb761d5b6d8e72950

Related

cve 1
cvelist 1
nvd 1
openvas 1
cve
cve
CVE-2024-3274
2024-04-04 02:15:07
cvelist
cvelist
CVE-2024-3274 D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure
2024-04-04 01:31:04
nvd
nvd
CVE-2024-3274
2024-04-04 02:15:07
openvas
openvas
D-Link DNS/DNR Devices Multiple Vulnerabilities (SAP10383) - Active Check
2024-04-09 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.8%

JSON
Related for NUCLEI:CVE-2024-3274
cve1cvelist1nvd1openvas1