CVE-2024-3273

Published: Apr 4, 2024Modified: Oct 30, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Affected (23)

Products: Dlink: Dns 320l Firmware, Dns 120 Firmware, Dnr 202l Firmware, Dns 315l Firmware, Dns 320 Firmware, Dns 320lw Firmware, Dns 321 Firmware, Dnr 322l Firmware, Dns 323 Firmware, Dns 325 Firmware, Dns 326 Firmware, Dns 327l Firmware, Dnr 326 Firmware, Dns 340l Firmware, Dns 343 Firmware, Dns 345 Firmware, Dns 726 4 Firmware, Dns 1100 4 Firmware, Dns 1200 05 Firmware, Dns 1550 04 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 320l Firmware	Version 1.01.0702.2013
Dlink Dns 320l Firmware	Version 1.03.0904.2013
Dlink Dns 320l Firmware	Version 1.11

Running on/with	Platform Versions
Dlink Dns 320l	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 120 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 120	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dnr 202l Firmware	All versions

Running on/with	Platform Versions
Dlink Dnr 202l	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 315l Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 315l	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 320 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 320	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 320lw Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 320lw	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 321 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 321	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dnr 322l Firmware	All versions

Running on/with	Platform Versions
Dlink Dnr 322l	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 323 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 323	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 325 Firmware	Version 1.01

Running on/with	Platform Versions
Dlink Dns 325	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 326 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 326	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 327l Firmware	Version 1.00.0409.2013
Dlink Dns 327l Firmware	Version 1.09

Running on/with	Platform Versions
Dlink Dns 327l	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dnr 326 Firmware	All versions

Running on/with	Platform Versions
Dlink Dnr 326	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 340l Firmware	Version 1.08

Running on/with	Platform Versions
Dlink Dns 340l	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 343 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 343	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 345 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 345	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 726 4 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 726 4	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 1100 4 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 1100 4	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 1200 05 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 1200 05	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dns 1550 04 Firmware	All versions

Running on/with	Platform Versions
Dlink Dns 1550 04	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (12)

https://github.com/netsecfish/dlink

Source: cna@vuldb.com

ExploitThird Party Advisory

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383

Source: cna@vuldb.com

Vendor Advisory

https://vuldb.com/?ctiid.259284

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.259284

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.304661

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/netsecfish/dlink