ГлавнаяУязвимости → CVE-2024-3273
7.3высокая

CVE-2024-3273

Описание

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Затрагиваемое ПО
Dlink Dns-320l firmwareDlink Dns-320lDlink Dns-120 firmwareDlink Dns-120Dlink Dnr-202l firmwareDlink Dnr-202lDlink Dns-315l firmwareDlink Dns-315lDlink Dns-320 firmwareDlink Dns-320Dlink Dns-320lw firmwareDlink Dns-320lwDlink Dns-321 firmwareDlink Dns-321Dlink Dnr-322l firmwareDlink Dnr-322lDlink Dns-323 firmwareDlink Dns-323Dlink Dns-325 firmwareDlink Dns-325Dlink Dns-326 firmwareDlink Dns-326Dlink Dns-327l firmwareDlink Dns-327lDlink Dnr-326 firmware
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://github.com/netsecfish/dlinkhttps://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383https://vuldb.com/?ctiid.259284https://vuldb.com/?id.259284https://vuldb.com/?submit.304661https://github.com/netsecfish/dlinkhttps://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383https://vuldb.com/?ctiid.259284