CVE-2024-3273

CVE Database · CVE-2024-3273

CVE-2024-3273

· HIGHAnalyzed

CVSS v3.1

7.3

EPSS

100.00%

Published

Apr 3, 2024

Modified

Oct 30, 2025

CISA Known Exploited Vulnerability

Added: 2024-04-11 · Due: 2024-05-02

This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Public PoC / Exploit (10)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCChocapikk/CVE-2024-3273★100 GitHub PoCadhikara13/CVE-2024-3273★13 GitHub PoCK3ysTr0K3R/CVE-2024-3273-EXPLOIT★5 GitHub PoCAp0dexMe0/CVE-2024-3273★5 GitHub PoCyarienkiva/honeypot-dlink-CVE-2024-3273★0 GitHub PoCLeopoldSkell/CVE-2024-3273★0 GitHub PoCmrrobot0o/CVE-2024-3273-★0 GitHub PoCOIivr/Turvan6rkus-CVE-2024-3273★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-77

Affected Products (43)

dlink · dns-320l_firmwarevulnerable

dlink · dns-320l

dlink · dns-120_firmwarevulnerable

dlink · dns-120

dlink · dnr-202l_firmwarevulnerable

dlink · dnr-202l

dlink · dns-315l_firmwarevulnerable