Multiple vulnerabilities in D-Link routers
| Risk | Critical |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-3273 CVE-2024-3272 |
| CWE-ID | CWE-78 CWE-798 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. |
| Vulnerable software Subscribe |
D-Link DNS-320L Hardware solutions / Routers for home users D-Link DNS-325 Hardware solutions / Routers for home users D-Link DNS-327L Hardware solutions / Routers for home users D-Link DNS-340L Hardware solutions / Routers for home users |
| Vendor | D-Link |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU88210
Risk: Critical
CVSSv3.1: 9.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C]
CVE-ID: CVE-2024-3273
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send specially crafted data to the device and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationThe affected devices have reached EOL and are no longer supported by the vendor.
D-Link DNS-320L: All versions
D-Link DNS-325: All versions
D-Link DNS-327L: All versions
D-Link DNS-340L: All versions
External linkshttp://vuldb.com/?id.259284
http://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Use of hard-coded credentials
EUVDB-ID: #VU88209
Risk: Critical
CVSSv3.1: 9.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C]
CVE-ID: CVE-2024-3272
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected device using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationThe affected devices have reached EOL and are no longer supported by the vendor.
D-Link DNS-320L: All versions
D-Link DNS-325: All versions
D-Link DNS-327L: All versions
D-Link DNS-340L: All versions
External linkshttp://vuldb.com/?id.259283
http://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
