CVE-2024-10914

This repository contains functional exploit code for CVE-2024-10914, a command injection vulnerability in D-Link NAS devices. The exploit targets the `name` parameter in the `account_mgr.cgi` script, allowing remote command execution via crafted HTTP requests.

The repository contains a functional exploit for CVE-2024-10914, demonstrating a command injection vulnerability in D-Link DNS devices. The exploit leverages a crafted HTTP request to execute arbitrary commands via the 'account_mgr.cgi' endpoint.

This repository contains a functional Python exploit for CVE-2024-10914, a remote code execution vulnerability in D-Link DNS devices. The exploit leverages command injection via the `/cgi-bin/account_mgr.cgi` endpoint to execute arbitrary commands and provides an interactive shell.

The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-10914 (command injection in account_mgr.cgi), CVE-2024-22024 (XXE in Ivanti Connect Secure), and others. Each writeup includes vulnerability descriptions, PoC examples, mitigation steps, and references.

The repository contains a functional Python exploit for CVE-2024-10914, targeting D-Link NAS devices. It leverages command injection via the 'name' parameter in the 'cgi_user_add' function to achieve remote code execution (RCE).

The repository contains a functional exploit for CVE-2024-10914, a command injection vulnerability in D-Link NAS devices. The exploit leverages the 'name' parameter in the '/cgi-bin/account_mgr.cgi' endpoint to execute arbitrary commands, confirmed by checking the response for user/group details.

This repository contains a functional Python-based exploit for CVE-2024-10914, targeting a command injection vulnerability in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices. The exploit leverages a vulnerable endpoint `/cgi-bin/account_mgr.cgi` to achieve remote code execution (RCE) by injecting arbitrary commands via the `name` parameter.

This repository contains functional exploit code for CVE-2024-10914, a command injection vulnerability in D-Link NAS devices. The exploit targets the `name` parameter in the `account_mgr.cgi` script, allowing remote command execution.

This repository contains a functional exploit PoC for CVE-2024-10914, a command injection vulnerability in D-Link NAS devices. The script sends a crafted HTTP request to execute arbitrary commands via the 'name' parameter in the 'account_mgr.cgi' endpoint.

This repository contains a functional Python exploit for CVE-2024-10914, targeting a command injection vulnerability in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices. The exploit leverages an insecure endpoint in the web interface to execute arbitrary commands via crafted HTTP requests.

The repository contains a functional Python exploit for CVE-2024-10914, demonstrating command injection via the 'name' parameter in the '/cgi-bin/account_mgr.cgi' endpoint. The exploit sends a crafted payload to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2024-10914, targeting a command injection vulnerability in a web application's CGI script. The exploit provides a shell-like interface for remote command execution, reverse shell capabilities, and file transfer functionalities.

This repository contains a functional Go-based exploit for CVE-2024-10914, demonstrating OS command injection in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices via the 'name' parameter in the cgi_user_add function. The exploit includes verification and interactive shell capabilities.

The repository contains a functional exploit script for CVE-2024-10914, targeting a command injection vulnerability in D-Link DNS devices via the 'cgi_user_add' function in '/cgi-bin/account_mgr.cgi'. The script crafts a malicious URL with an injected command and sends it to the target using curl.

This repository contains functional exploit code for CVE-2024-10914, a command injection vulnerability in D-Link routers. The exploit leverages improper input sanitization in the `account_mgr.cgi` endpoint to achieve remote code execution via shell metacharacters.

This repository provides a detailed manual testing guide for exploiting CVE-2024-10914, a command injection vulnerability in D-Link NAS devices. It includes step-by-step instructions for using Burp Suite to test and exploit the vulnerability in the 'name' parameter of the account_mgr.cgi endpoint.