This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.

The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.

CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi endpoint.

This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.


  • Python 3.x
  • requests library


  1. Clone this repository:
git clone

2. Navigate to the repository directory:

cd CVE-2024-3273

3. Run the PoC:


4. Follow the on-screen instructions to choose the target device:

  • Option 1: Single Host (1): Enter details for a single target device, including the host IP address and command to run.
  • Option 2: Multiple Hosts (2): Provide a file containing multiple target devices in the format host:port, and choose whether to export vulnerable hosts to vulnerables.txt.


    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    Choose an option (1: Single Host, 2: Multiple Hosts): 1
    Enter the host:
    Enter the command to run: ls
    Response from
    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    Choose an option (1: Single Host, 2: Multiple Hosts): 2
    Enter the file path containing hosts: list.txt
    Export vulnerable host to vulnerables.txt? (y/n): y
    Connection error for host
    Connection error for host
    Host is vulnerable.