ID

VAR-202404-0070


CVE

CVE-2024-3273


TITLE

Command injection vulnerability in multiple D-Link Systems, Inc. products

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, DNS-120 firmware, DNR-202L firmware and other D-Link Systems, Inc. products contain a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2024-3273 // JVNDB: JVNDB-2024-003105

AFFECTED PRODUCTS

vendor: dlink model: dns-320lw scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-120 scope: eq version: -

Trust: 1.0

vendor: dlink model: dnr-322l scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-1200-05 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-315l scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-1100-4 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-327l scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-1550-04 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-726-4 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-323 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-326 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-340l scope: eq version: -

Trust: 1.0

vendor: dlink model: dnr-202l scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-343 scope: eq version: -

Trust: 1.0

vendor: dlink model: dnr-326 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-320 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-320l scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-321 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-345 scope: eq version: -

Trust: 1.0

vendor: dlink model: dns-325 scope: eq version: -

Trust: 1.0

vendor: d link model: dns-1100-4 scope: - version: -

Trust: 0.8

vendor: d link model: dns-315l scope: - version: -

Trust: 0.8

vendor: d link model: dns-120 scope: - version: -

Trust: 0.8

vendor: d link model: d-link dns-320lw scope: - version: -

Trust: 0.8

vendor: d link model: dns-726-4 scope: - version: -

Trust: 0.8

vendor: d link model: dnr-322l scope: - version: -

Trust: 0.8

vendor: d link model: d-link dns-345 scope: - version: -

Trust: 0.8

vendor: d link model: d-link dnr-326 scope: - version: -

Trust: 0.8

vendor: d link model: d-link dns-320 scope: - version: -

Trust: 0.8

vendor: d link model: d-link dns-320l scope: - version: -

Trust: 0.8

vendor: d link model: dns-343 scope: - version: -

Trust: 0.8

vendor: d link model: dns-323 scope: - version: -

Trust: 0.8

vendor: d link model: dnr-202l scope: - version: -

Trust: 0.8

vendor: d link model: dns-326 scope: - version: -

Trust: 0.8

vendor: d link model: d-link dns-327l scope: - version: -

Trust: 0.8

vendor: d link model: dns-340l scope: - version: -

Trust: 0.8

vendor: d link model: d-link dns-325 scope: - version: -

Trust: 0.8

vendor: d link model: dns-1200-05 scope: - version: -

Trust: 0.8

vendor: d link model: dns-1550-04 scope: - version: -

Trust: 0.8

vendor: d link model: dns-321 scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2024-3273
value: CRITICAL

Trust: 1.8

cna@vuldb.com: CVE-2024-3273
value: HIGH

Trust: 1.0

cna@vuldb.com:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

cna@vuldb.com:
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-3273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273 // NVD: CVE-2024-3273

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

CONFIGURATIONS

sources: NVD: CVE-2024-3273

EXTERNAL IDS

db: NVD id: CVE-2024-3273

Trust: 2.6

db: VULDB id: 259284

Trust: 1.8

db: DLINK id: SAP10383

Trust: 1.8

db: JVNDB id: JVNDB-2024-003105

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

REFERENCES

url:https://github.com/netsecfish/dlink

Trust: 1.8

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10383

Trust: 1.8

url:https://vuldb.com/?id.259284

Trust: 1.8

url:https://vuldb.com/?submit.304661

Trust: 1.8

url:https://vuldb.com/?ctiid.259284

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-3273

Trust: 0.8

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

SOURCES

db: JVNDB id: JVNDB-2024-003105
db: NVD id: CVE-2024-3273

LAST UPDATE DATE

2024-04-27T12:10:38.980000+00:00


SOURCES UPDATE DATE

db: JVNDB id: JVNDB-2024-003105 date: 2024-04-19T06:09:00
db: NVD id: CVE-2024-3273 date: 2024-04-15T20:13:57.290

SOURCES RELEASE DATE

db: JVNDB id: JVNDB-2024-003105 date: 2024-04-19T00:00:00
db: NVD id: CVE-2024-3273 date: 2024-04-04T01:15:50.387