CVE-2024-3273

Published Apr 4, 2024

Last updated 6 months ago

Overview

Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Source: cna@vuldb.com
NVD status: Analyzed
CNA Tags: unsupported-when-assigned
Products: dns-320l_firmware, dns-120_firmware, dnr-202l_firmware, dns-315l_firmware, dns-320_firmware, dns-320lw_firmware, dns-321_firmware, dnr-322l_firmware, dns-323_firmware, dns-325_firmware, dns-326_firmware, dns-327l_firmware, dnr-326_firmware, dns-340l_firmware, dns-343_firmware, dns-345_firmware, dns-726-4_firmware, dns-1100-4_firmware, dns-1200-05_firmware, dns-1550-04_firmware

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Secondary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: D-Link Multiple NAS Devices Command Injection Vulnerability
Exploit added on: Apr 11, 2024
Exploit action due: May 2, 2024
Required action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Weaknesses

cna@vuldb.com: CWE-77

Social media

Hype score: Not currently trending
  1. Cytellite recent detection targeting CVE-2024-3273 — UAB Host Baltic Visit -- https://t.co/ALOc8RnNEg #Loginsoft #Cytellite #Cybersecurity #CVE20243273 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/Wanlx2EeGq

    @Loginsoft_Intel, 19 Feb 2026 (55 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  2. 🔴 hono/jsx, Cross-Site Scripting, #CVE-2024-3273 (Critical) https://t.co/XT5j7iw9Eq

    @dailycve, 28 Jan 2026 (10 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  3. 92,000 D-Link NAS Devices actively exploiting. No patches available for the vulnerabilities CVE-2024-3272 and CVE-2024-3273. These vulnerabilities are actively exploited by attackers to take remote control of D-Link network-attached storage (NAS) devices. https://t.co/z6gbofc

    @peggynicky2013, 8 Jan 2026 (20 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  4. 92,000 D-Link NAS Devices actively exploiting. No patches available for the vulnerabilities CVE-2024-3272 and CVE-2024-3273. These vulnerabilities are actively exploited by attackers to take remote control of D-Link network-attached storage (NAS) devices. https://t.co/CQjmMPE

    @luisunlocks, 1 Dec 2025 (53 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

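  5. Vulnerability: CVE-2024-3273. D-Link network storage (NAS) is a unified services router from the Chinese company D-Link. The D-Link NAS nas_sharing.cgi interface has a command execution vulnerability; the flaw is in the "/cgi-bin/nas_sharing.cgi" script and affects its HTTP GET request handler component.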

    @LaoShu_Yes, 26 Jul 2025 (1524 Impressions, 0 Retweets, 64 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  6. 🔴 D-Link NAS Devices Critical Vulnerability: #CVE-2024-3273 (Critical) - Critical https://t.co/YcShTjzBok

    @dailycve, 29 Nov 2024 (17 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

Configurations