Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-3272 PoC — D-Link DNS-320 信任管理问题漏洞

Source
https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE
Associated Vulnerability
Title:D-Link DNS-320 信任管理问题漏洞 (CVE-2024-3272)
Description:D-Link DNS-320是中国友讯(D-Link)公司的一款NAS(网络附属存储)设备。 D-Link DNS-320L存在信任管理问题漏洞,该漏洞源于文件/cgi-bin/nas_sharing.cgi存在信任管理问题漏洞。受影响的产品和版本:D-Link DNS-320L,DNS-325,DNS-327,DNS-340L,D-Link NAS Storage。
Description
UNTESTED exploit script for CVE-2024-3272 + CVE-2024-3273. The script exploits a backdoor authentication bypass + arbitrary command injection vulnerability.
Readme
# Unauthenticated RCE 
Backdoor authentication bypass + command injection vulnerability.
Script exploits CVE-2024-3272 + CVE-2024-3273.



## Credits
Originally discovered [@necsecfish](https://github.com/netsecfish) - https://github.com/netsecfish/dlink
File Snapshot

 [4.0K]  /data/pocs/160ae645c2e78c29eea44cda0c3cf71939c455ba
├── [1.4K]  exploit.py
└── [ 255]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.