CVE-2024-3273

HIGH KEV NUCLEI

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L - OS Command Injection via nas_sharing.cgi System Parameter


Exploitation Summary

CVE-2024-3273 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added April 11, 2024). EIP tracks 12 public exploits from researchers including Chocapikk, iSee857, and adhikara13. A Nuclei detection template is also available.


Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Exploits (12)

nomisec WORKING POC 99 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2024-3273

This repository contains a functional exploit for CVE-2024-3273, targeting D-Link NAS devices. The exploit leverages a command injection vulnerability in the `nas_sharing.cgi` endpoint to achieve remote code execution (RCE) as root.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link NAS devices (DNS-320L, DNS-325, DNS-327L, DNS-340L)
No auth needed
Prerequisites: Network access to the target device · Vulnerable D-Link NAS firmware version
devstral-2 · analyzed Feb 19, 2026

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/D-Link-NAS(CVE-2024-3273).py

The repository contains functional exploit code for multiple CVEs, including CVE-2024-3273 (D-Link NAS). The provided Python scripts demonstrate command execution and SQL injection vulnerabilities with clear technical implementation.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link NAS (CVE-2024-3273), OpenCode (CVE-2026-22812), Altenergy (CVE-2024-11305), etc.
No auth needed
Prerequisites: network access to target · vulnerable software version
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 13 stars
by adhikara13 · remote
https://github.com/adhikara13/CVE-2024-3273

This repository contains a functional Python-based exploit for CVE-2024-3273, a command injection vulnerability in D-Link NAS devices. The exploit targets the `cgi-bin/nas_sharing.cgi` endpoint, allowing arbitrary command execution via a crafted HTTP request with a Base64-encoded payload.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: D-Link NAS devices (specific version not specified)
No auth needed
Prerequisites: Network access to the vulnerable D-Link NAS device · Python 3.x with `requests` library
devstral-2 · analyzed Feb 19, 2026

github WORKING POC 5 stars
by Ap0dexMe0 · pythonpoc
https://github.com/Ap0dexMe0/CVE-2024-3273

This Python script exploits CVE-2024-3273, a command injection vulnerability in D-Link NAS devices, by sending a crafted HTTP request to the `/cgi-bin/nas_sharing.cgi` endpoint with a base64-encoded command. The exploit supports both single and bulk targeting with concurrent execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: D-Link NAS devices (specific version not specified)
No auth needed
Prerequisites: Network access to the target device · Vulnerable D-Link NAS device with exposed CGI endpoint
devstral-2 · analyzed May 14, 2026

nomisec WORKING POC 5 stars
by ThatNotEasy · remote
https://github.com/ThatNotEasy/CVE-2024-3273

This Python script exploits CVE-2024-3273, a command injection vulnerability in D-Link NAS devices, by sending a crafted HTTP request to the `/cgi-bin/nas_sharing.cgi` endpoint with a base64-encoded command. The exploit supports both single and bulk targeting, with concurrent execution for efficiency.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: D-Link NAS devices (specific version not specified)
No auth needed
Prerequisites: Network access to the target device · The `/cgi-bin/nas_sharing.cgi` endpoint must be accessible
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 4 stars
by K3ysTr0K3R · remote
https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT

This repository contains a functional Python exploit for CVE-2024-3273, a command injection vulnerability in D-Link NAS devices. The exploit targets the `/cgi-bin/nas_sharing.cgi` endpoint via HTTP GET requests, allowing remote code execution (RCE) on affected devices.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link NAS devices (DNS-320L, DNS-325, DNS-327L, DNS-340L)
No auth needed
Prerequisites: Network access to the target device · Vulnerable D-Link NAS device with exposed `/cgi-bin/nas_sharing.cgi` endpoint
devstral-2 · analyzed Feb 19, 2026

nomisec WRITEUP
by askhatov21 · poc
https://github.com/askhatov21/Best-Practices-Cybersecurity-Otanata-Project

This repository contains a detailed security assessment report for CVE-2024-3273, focusing on a command injection vulnerability in D-Link DNS-320L NAS devices via the /cgi-bin/nas_sharing.cgi endpoint. The report includes technical details, impact analysis, and remediation recommendations, but does not include functional exploit code.

Classification: Writeup (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link DNS-320L NAS
No auth needed
Prerequisites: Access to the target endpoint /cgi-bin/nas_sharing.cgi · Base64 encoding capability for payloads
devstral-2 · analyzed Apr 26, 2026

nomisec WRITEUP
by askhatov21 · poc
https://github.com/askhatov21/CP3418_BestPracticesCybersecurity_OTANATA_Project

This repository contains a detailed security assessment report for CVE-2024-3273, focusing on a command injection vulnerability in D-Link DNS-320L NAS devices via the /cgi-bin/nas_sharing.cgi endpoint. The report includes technical details, impact analysis, and remediation recommendations, but does not include functional exploit code.

Classification: Writeup (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link DNS-320L NAS
No auth needed
Prerequisites: Access to the target device's /cgi-bin/nas_sharing.cgi endpoint · Base64 encoding capability for payloads
devstral-2 · analyzed Apr 25, 2026

nomisec WORKING POC
by X-Projetion · remote
https://github.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE

The repository contains a functional Python exploit for CVE-2024-3273, targeting a D-Link RCE vulnerability via improper input validation in the `nas_sharing.cgi` script. It includes both single-target exploitation and multi-threaded scanning capabilities.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link NAS devices (specific versions not specified)
No auth needed
Prerequisites: Network access to the vulnerable D-Link device · Python 3.x with required dependencies
devstral-2 · analyzed Feb 19, 2026

nomisec WRITEUP
by OIivr · poc
https://github.com/OIivr/Turvan6rkus-CVE-2024-3273

This repository provides a detailed technical analysis of CVE-2024-3273, a command injection vulnerability in D-Link NAS devices. It includes a breakdown of the vulnerability, affected models, and a code snippet demonstrating the exploit mechanism.

Classification: Writeup (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: D-Link NAS devices (DNS-320L, DNS-325, DNS-327L, DNS-340L)
No auth needed
Prerequisites: Knowledge of the target IP address · Network access to the vulnerable device
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by mrrobot0o · remote
https://github.com/mrrobot0o/CVE-2024-3273-

This repository contains a functional exploit for CVE-2024-3273, targeting D-Link NAS devices. The exploit leverages a command injection vulnerability in the `nas_sharing.cgi` endpoint, allowing remote command execution via base64-encoded payloads.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link NAS devices (specific version not specified)
No auth needed
Prerequisites: Network access to the target device · The `nas_sharing.cgi` endpoint must be accessible
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by yarienkiva · poc
https://github.com/yarienkiva/honeypot-dlink-CVE-2024-3273

This repository contains a honeypot setup for CVE-2024-3273, a vulnerability affecting D-Link NAS devices. It includes a Python server to simulate the vulnerable device and scripts to clone the web interface for realism.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: D-Link NAS devices
No auth needed
Prerequisites: Access to a vulnerable D-Link NAS device
devstral-2 · analyzed Feb 19, 2026

Nuclei Templates (1)

D-Link Network Attached Storage - Command Injection and Backdoor Account
CRITICAL · VERIFIED · by pussycat0x
FOFA: app="D_Link-DNS-ShareCenter"

References (7)

Core References
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.259284
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.304661
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.259284

Scores

CVSS v3 7.3
EPSS 0.9443
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-04-11
VulnCheck KEV 2024-04-08
InTheWild.io 2024-04-11
ENISA EUVD EUVD-2024-31863
CWE CWE-77
Status published
Products (23)
dlink/dnr-202l_firmware
dlink/dnr-322l_firmware
dlink/dnr-326_firmware
dlink/dns-1100-4_firmware
dlink/dns-1200-05_firmware
dlink/dns-120_firmware
dlink/dns-1550-04_firmware
dlink/dns-315l_firmware
dlink/dns-320_firmware
dlink/dns-320l_firmware 1.01.0702.2013
... and 13 more
Published Apr 04, 2024
KEV Added Apr 11, 2024
Tracked Since Feb 18, 2026