** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LDlink Dnr 202l
HWDlinkwszystkie wersjeDlink Dnr 202l Firmware
OSDlinkwszystkie wersjeDlink Dnr 322l
HWDlinkwszystkie wersjeDlink Dnr 322l Firmware
OSDlinkwszystkie wersjeDlink Dnr 326
HWDlinkwszystkie wersjeDlink Dnr 326 Firmware
OSDlinkwszystkie wersjeDlink Dns 1100 4
HWDlinkwszystkie wersjeDlink Dns 1100 4 Firmware
OSDlinkwszystkie wersjeDlink Dns 120
HWDlinkwszystkie wersjeDlink Dns 1200 05
HWDlinkwszystkie wersjeDlink Dns 1200 05 Firmware
OSDlinkwszystkie wersjeDlink Dns 120 Firmware
OSDlinkwszystkie wersjeDlink Dns 1550 04
HWDlinkwszystkie wersjeDlink Dns 1550 04 Firmware
OSDlinkwszystkie wersjeDlink Dns 315l
HWDlinkwszystkie wersjeDlink Dns 315l Firmware
OSDlinkwszystkie wersjeDlink Dns 320
HWDlinkwszystkie wersjeDlink Dns 320 Firmware
OSDlinkwszystkie wersjeDlink Dns 320l
HWDlinkwszystkie wersjeDlink Dns 320l Firmware
OSDlink1.01.0702.20131.03.0904.20131.11Dlink Dns 320lw
HWDlinkwszystkie wersjeDlink Dns 320lw Firmware
OSDlinkwszystkie wersjeDlink Dns 321
HWDlinkwszystkie wersjeDlink Dns 321 Firmware
OSDlinkwszystkie wersjeDlink Dns 323
HWDlinkwszystkie wersjeDlink Dns 323 Firmware
OSDlinkwszystkie wersjeDlink Dns 325
HWDlinkwszystkie wersjeDlink Dns 325 Firmware
OSDlink1.01Dlink Dns 326
HWDlinkwszystkie wersjeDlink Dns 326 Firmware
OSDlinkwszystkie wersje
CISA KEV — detailsi
- Vendori
- D-Link
- Producti
- Multiple NAS Devices
- Added to KEVi
- April 11, 2024
- Remediation deadline (US Federal)i
- May 2, 2024(overdue)
This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.
Related vulnerabilities
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which...
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
Command injection w D-Link DNS-343 ShareCenter – zdalny dostęp root
Command injection w D-Link DNS-320/325/340L — zdalne wykonanie poleceń OS