CVE-2024-3273

NVD Published Date: April 04, 2024 at 01:15 AM
NVD Last Modified: August 14, 2024 at 07:31 PM
Download Patch
Vulnerability ID
CVE-2024-3273
Severity
CRITICAL
Severity Score
9.8
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Mitigation and Patches
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-77

Recent Publish

CVE-2024-32113

CVE-2024-4358

CVE-2024-23692

CVE-2024-4577

2024-08 适用于基于 x64 的系统的 Windows Embedded Standard 7 仅安全性质量更新(KB5041823)

2024-08 适用于基于 x64 的系统的 Windows Server 2008 R2 仅安全性质量更新(KB5041823)

See SecOps Solution
in action

Schedule Demo