CVE-2024-10915

HIGH EXPLOITED NUCLEI

D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - OS Command Injection via group Parameter

Title source: llm

Exploitation Summary

CVE-2024-10915 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including r0otk3r. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2024-10915, a command injection vulnerability in D-Link NAS devices. The exploit targets the `/cgi-bin/account_mgr.cgi?cmd=cgi_user_add` endpoint via the `group` parameter, allowing unauthenticated remote code execution.

Description

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC
by r0otk3r · remote
https://github.com/r0otk3r/CVE-2024-10915

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: D-Link NAS (DNS-320, DNS-320LW, DNS-325, DNS-340L)
No auth needed
Prerequisites: Network access to the vulnerable D-Link NAS device · Python 3.x with the `requests` library
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

D-Link NAS - Command Injection via Group Parameter
CRITICAL · VERIFIED · by s4e-io
Shodan: http.html:"sharecenter"
FOFA: body="sharecenter"

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.283310
Third Party Advisory, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.283310
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.432848
Product product
https://www.dlink.com/

Scores

CVSS v3 8.1
EPSS 0.9406
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

VulnCheck KEV 2025-11-26
CWE: CWE-78, CWE-74, CWE-707
Status published
Products (4)
dlink/dns-320_firmware
dlink/dns-320lw_firmware
dlink/dns-325_firmware
dlink/dns-340l_firmware
Published Nov 06, 2024
Tracked Since Feb 18, 2026