CVE-2024-3272
D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials
In short
D-Link NAS devices contain hard-coded credentials in a web interface file that can be accessed remotely without authentication. An attacker can use these fixed credentials to gain unauthorized access to the device.
Technical detail
The /cgi-bin/nas_sharing.cgi HTTP GET request handler accepts a 'user' parameter that, when set to 'messagebus', exposes hard-coded credentials allowing remote authentication bypass. This affects DNS-320L, DNS-325, DNS-327L, and DNS-340L devices up to firmware version 20240403. No user interaction is required; the attack is network-accessible and exploits insufficient credential management.
Summary generated and translated by AI from the official description.
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
public PoCs found — 2
githubgithub.com/aliask/dinkleberry★ 3cve_referencegithub.com/netsecfish/dlinkunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →