ID

VAR-202404-0070


CVE

CVE-2024-3273


TITLE

plural  D-Link Systems, Inc.  Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, dns-120 firmware, dnr-202l firmware etc. D-Link Systems, Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-3273 // JVNDB: JVNDB-2024-003105

AFFECTED PRODUCTS

vendor:dlinkmodel:dns-345scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-325scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dnr-322lscope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-120scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-726-4scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-1550-04scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-320lwscope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-326scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-1200-05scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-1100-4scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-327lscope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dnr-202lscope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-323scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-343scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-340lscope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-320scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dnr-326scope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-315lscope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-320lscope:eqversion: -

Trust: 1.0

vendor:dlinkmodel:dns-321scope:eqversion: -

Trust: 1.0

vendor:d linkmodel:dns-1100-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-315lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-120scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lwscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-726-4scope: - version: -

Trust: 0.8

vendor:d linkmodel:dnr-322lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-345scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dnr-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-343scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-323scope: - version: -

Trust: 0.8

vendor:d linkmodel:dnr-202lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-326scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-327lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-340lscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-325scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1200-05scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-1550-04scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-321scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-3273
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-3273
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-3273
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2024-3273
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2024-3273
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-3273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-3273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273 // NVD: CVE-2024-3273

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

EXTERNAL IDS

db:NVDid:CVE-2024-3273

Trust: 2.6

db:VULDBid:259284

Trust: 1.8

db:DLINKid:SAP10383

Trust: 1.8

db:JVNDBid:JVNDB-2024-003105

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

REFERENCES

url:https://github.com/netsecfish/dlink

Trust: 1.8

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10383

Trust: 1.8

url:https://vuldb.com/?id.259284

Trust: 1.8

url:https://vuldb.com/?submit.304661

Trust: 1.8

url:https://vuldb.com/?ctiid.259284

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-3273

Trust: 0.8

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

sources: JVNDB: JVNDB-2024-003105 // NVD: CVE-2024-3273

SOURCES

db:JVNDBid:JVNDB-2024-003105
db:NVDid:CVE-2024-3273

LAST UPDATE DATE

2024-08-16T22:54:29.236000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-003105date:2024-04-19T06:09:00
db:NVDid:CVE-2024-3273date:2024-08-14T19:31:37.420

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-003105date:2024-04-19T00:00:00
db:NVDid:CVE-2024-3273date:2024-04-04T01:15:50.387