ID
VAR-202404-0069
CVE
CVE-2024-3272
TITLE
plural D-Link Systems, Inc. Product use of hardcoded credentials vulnerability
Trust: 0.8
DESCRIPTION
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, dns-120 firmware, dnr-202l firmware etc. D-Link Systems, Inc. The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | dlink | model: | dns-320lw | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-120 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dnr-322l | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-1200-05 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-315l | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-1100-4 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-327l | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-1550-04 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-726-4 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-323 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-326 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-340l | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dnr-202l | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-343 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dnr-326 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-320 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-320l | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-321 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-345 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dns-325 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | d link | model: | dns-1100-4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-315l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-120 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | d-link dns-320lw | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-726-4 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dnr-322l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | d-link dns-345 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | d-link dnr-326 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | d-link dns-320 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | d-link dns-320l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-343 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-323 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dnr-202l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-326 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | d-link dns-327l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-340l | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | d-link dns-325 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-1200-05 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-1550-04 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dns-321 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.0 |
| problemtype: | Use hard-coded credentials (CWE-798) [ others ] | Trust: 0.8 |
CONFIGURATIONS
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-3272 | Trust: 2.6 |
| db: | VULDB | id: | 259283 | Trust: 1.8 |
| db: | DLINK | id: | SAP10383 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2024-003106 | Trust: 0.8 |
REFERENCES
| url: | https://github.com/netsecfish/dlink | Trust: 1.8 |
| url: | https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10383 | Trust: 1.8 |
| url: | https://vuldb.com/?id.259283 | Trust: 1.8 |
| url: | https://vuldb.com/?ctiid.259283 | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-3272 | Trust: 0.8 |
| url: | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2024-003106 |
| db: | NVD | id: | CVE-2024-3272 |
LAST UPDATE DATE
2024-04-27T12:10:38.962000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2024-003106 | date: | 2024-04-19T06:10:00 |
| db: | NVD | id: | CVE-2024-3272 | date: | 2024-04-15T20:14:55.570 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2024-003106 | date: | 2024-04-19T00:00:00 |
| db: | NVD | id: | CVE-2024-3272 | date: | 2024-04-04T01:15:50.123 |