CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-3272

CVSS 9.8v3.1pub. 2024-04-04upd. 2025-10-30

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

🤖 AI Analysis
How it works

The vulnerability exists in the /cgi-bin/nas_sharing.cgi file, which handles HTTP GET requests. Manipulation of the 'user' parameter with the value 'messagebus' allows exploitation of hard-coded credentials embedded in the device's software. The attack does not require authentication, user interaction, or special privileges and can be carried out remotely over the network. An exploit has been publicly released and is actively being exploited.

Impact

An attacker can gain unauthorized, full access to the device, threatening the confidentiality, integrity, and availability of stored data and the entire system. It is possible to take control of the NAS device without knowledge of any legitimate credentials.

Mitigation & patch

D-Link manufacturer officially confirmed the end-of-life status of these devices and does not plan to release a patch. It is recommended to immediately withdraw devices from operation and replace them with supported models. As a temporary measure, devices should be isolated from the public network, access to the nas_sharing.cgi service port should be blocked at the firewall level, and access should be restricted only to trusted hosts on the internal network.

Who is affected

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L in all firmware versions up to and including 20240403. The manufacturer confirmed that these products have reached end-of-life status and are no longer supported.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dnr 202l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dnr 202l Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dnr 322l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dnr 322l Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dnr 326

    HW
    Dlink
    wszystkie wersje
  • Dlink Dnr 326 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 1100 4

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 1100 4 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 120

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 1200 05

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 1200 05 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 120 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 1550 04

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 1550 04 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 315l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 315l Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 320

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 320 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 320l

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 320l Firmware

    OS
    Dlink
    1.01.0702.20131.03.0904.20131.11
  • Dlink Dns 320lw

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 320lw Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 321

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 321 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 323

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 323 Firmware

    OS
    Dlink
    wszystkie wersje
  • Dlink Dns 325

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 325 Firmware

    OS
    Dlink
    1.01
  • Dlink Dns 326

    HW
    Dlink
    wszystkie wersje
  • Dlink Dns 326 Firmware

    OS
    Dlink
    wszystkie wersje

CISA KEV — detailsi

Vendori
D-Link
Producti
Multiple NAS Devices
Added to KEVi
April 11, 2024
Remediation deadline (US Federal)i
May 2, 2024(overdue)
Required action (CISA)i

This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

CISA descriptioni

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 2 maja 2024
CWE
References

Related vulnerabilities

CVE-2020-25506CRITICAL9.8⚠ KEVten sam produkt

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which...

CVE-2019-16057CRITICAL9.8⚠ KEVten sam produkt

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

CVE-2018-25120CRITICAL9.3PL ✓ten sam produkt

Command injection w D-Link DNS-343 ShareCenter – zdalny dostęp root

CVE-2024-10914CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L — zdalne wykonanie poleceń OS

CVE-2024-10915CRITICAL9.2PL ✓ten sam produkt

Command injection w D-Link DNS-320/325/340L przez parametr group