CVE-2024-3273

Name of the Vulnerable Software and Affected Versions D-Link DNS-320L (affected versions not specified) D-Link DNS-325 (affected versions not specified) D-Link DNS-327L (affected versions not specified) D-Link DNS-340L (affected versions not specified)

Description A critical issue exists in the HTTP GET Request Handler component within the /cgi-bin/nas sharing.cgi file. The flaw is caused by a combination of a hardcoded backdoor account (username messagebus with an empty password) and insufficient neutralization of special elements in the system parameter. This allows a remote attacker to execute arbitrary commands by sending a specially crafted HTTP GET request containing a Base64-encoded command. Approximately 92,000 devices worldwide are estimated to be affected. Real-world exploitation has been observed, specifically for deploying Mirai-like botnets (such as skid.x86) to conduct large-scale DDoS attacks.

Recommendations Retire and replace the affected devices as they have reached end-of-life and no official patches will be provided. As a temporary mitigation, disconnect the devices from the network to prevent remote exploitation.