Main Vulnerability Database Exploits ID:9694 - Exploit for Use of hard-coded credentials in D-Link products - CVE-2024-3272

ID:9694 - Exploit for Use of hard-coded credentials in D-Link products - CVE-2024-3272

Published: April 9, 2024

Vulnerability identifier: #VU88209

Vulnerability risk: Critical

CVE-ID: CVE-2024-3272

CWE-ID: CWE-798

Exploitation vector: Remote access

Vulnerable software:
D-Link DNS-320L
D-Link DNS-325
D-Link DNS-327L
D-Link DNS-340L

Link to public exploit:

https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE

Vulnerability description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected device using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

The affected devices have reached EOL and are no longer supported by the vendor.

ID:9694 - Exploit for Use of hard-coded credentials in D-Link products - CVE-2024-3272

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human