CVE-2024-3274

MEDIUM NUCLEI

D-Link DNS-320L, DNS-320LW, DNS-327L <20240403 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-3274 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Nuclei Templates (1)

D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
MEDIUMVERIFIEDby DhiyaneshDk
FOFA: body="Text:In order to access the ShareCenter"

References (5)

Core 5
Core References
Permissions Required, VDB Entry vdb-entry
https://vuldb.com/?id.259285
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.259285
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.304706

Scores

CVSS v3 5.3
EPSS 0.3348
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (3)
D-Link/DNS-320L 20240403
D-Link/DNS-320LW 20240403
D-Link/DNS-327L 20240403
Published Apr 04, 2024
Tracked Since Feb 18, 2026