Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-10914 PoC — D-Link多款产品 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-10914.yaml
Associated Vulnerability
Title:D-Link多款产品 安全漏洞 (CVE-2024-10914)
Description:D-Link DNS-320等都是中国友讯(D-Link)公司的一款NAS(网络附属存储)设备。 D-Link多款产品存在安全漏洞,该漏洞源于对参数name的错误操作会导致操作系统命令注入。以下产品及版本受到影响:D-Link DNS-320、DNS-320LW、DNS-325和DNS-340L 20241028版本及之前版本。
Description
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection.
File Snapshot

 id: CVE-2024-10914

info:
  name: D-Link NAS - Command Injection via Name Parameter
  author: s4e-io

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.