CVE-2024-3272 PoC — D-Link DNS-320 信任管理问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3272.yaml

Associated Vulnerability

Title:D-Link DNS-320 信任管理问题漏洞 (CVE-2024-3272)
Description:D-Link DNS-320是中国友讯（D-Link）公司的一款NAS（网络附属存储）设备。 D-Link DNS-320L存在信任管理问题漏洞，该漏洞源于文件/cgi-bin/nas_sharing.cgi存在信任管理问题漏洞。受影响的产品和版本：D-Link DNS-320L，DNS-325，DNS-327，DNS-340L，D-Link NAS Storage。

Description

A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials.

File Snapshot


 id: CVE-2024-3272

info:
  name: D-Link Network Attached Storage - Backdoor Account
  author: ritikc

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!