** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
References
| Link | Resource |
|---|---|
| https://github.com/netsecfish/dlink | Exploit Third Party Advisory |
| https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 | Vendor Advisory |
| https://vuldb.com/?ctiid.259283 | Permissions Required |
| https://vuldb.com/?id.259283 | Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
History
15 Apr 2024, 20:14
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:* |
|
| References | () https://github.com/netsecfish/dlink - Exploit, Third Party Advisory | |
| References | () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 - Vendor Advisory | |
| References | () https://vuldb.com/?ctiid.259283 - Permissions Required | |
| References | () https://vuldb.com/?id.259283 - Third Party Advisory | |
| First Time |
Dlink dnr-202l Firmware
Dlink dns-343 Firmware Dlink dns-726-4 Firmware Dlink dnr-202l Dlink dns-320lw Firmware Dlink dns-327l Firmware Dlink dns-343 Dlink dnr-322l Dlink dns-320l Firmware Dlink dns-323 Dlink dns-326 Dlink dns-120 Dlink dns-321 Dlink dns-320lw Dlink dns-1100-4 Dlink dns-315l Dlink dns-320 Dlink dns-321 Firmware Dlink dns-345 Firmware Dlink dnr-326 Dlink dns-1100-4 Firmware Dlink dns-325 Firmware Dlink dns-345 Dlink dnr-322l Firmware Dlink dns-1200-05 Dlink dns-323 Firmware Dlink dns-1200-05 Firmware Dlink dns-340l Dlink dns-1550-04 Firmware Dlink dns-327l Dlink Dlink dns-326 Firmware Dlink dns-320l Dlink dns-726-4 Dlink dns-325 Dlink dns-320 Firmware Dlink dns-340l Firmware Dlink dns-120 Firmware Dlink dnr-326 Firmware Dlink dns-315l Firmware Dlink dns-1550-04 |
05 Apr 2024, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| Summary |
|
04 Apr 2024, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-04 01:15
Updated : 2024-08-14 19:32
NVD link : CVE-2024-3272
Mitre link : CVE-2024-3272
CVE.ORG link : CVE-2024-3272
JSON object : View
Products Affected
dlink
- dns-340l
- dns-325_firmware
- dns-343_firmware
- dns-320lw
- dns-120
- dns-315l
- dnr-322l_firmware
- dns-321
- dnr-202l_firmware
- dns-726-4
- dns-1100-4_firmware
- dns-1200-05
- dns-327l
- dns-726-4_firmware
- dnr-202l
- dns-320lw_firmware
- dns-1550-04_firmware
- dns-1200-05_firmware
- dns-327l_firmware
- dns-315l_firmware
- dns-320l_firmware
- dns-325
- dns-320
- dns-321_firmware
- dns-1100-4
- dns-323
- dns-320l
- dns-326
- dns-1550-04
- dns-320_firmware
- dns-340l_firmware
- dns-120_firmware
- dns-323_firmware
- dns-345_firmware
- dns-345
- dnr-322l
- dnr-326
- dns-343
- dns-326_firmware
- dnr-326_firmware
CWE
CWE-798
Use of Hard-coded Credentials