PT-2024-2964 · D Link · D-Link Dns-327L+1

Netsecfish · Published 2024-04-03 · Updated 2025-11-07 · CVE-2024-3274

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DNS-320L versions up to 20240403
D-Link DNS-320LW versions up to 20240403
D-Link DNS-327L versions up to 20240403

Description

A vulnerability has been found in the file /cgi-bin/info.cgi of the component HTTP GET Request Handler, leading to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vulnerability is related to insufficient access control in the CGI script info.cgi, which can allow an attacker to execute arbitrary code by sending a specially crafted HTTP GET request.

Recommendations

For D-Link DNS-320L versions up to 20240403, consider retiring and replacing the product as it is end-of-life.
For D-Link DNS-320LW versions up to 20240403, consider retiring and replacing the product as it is end-of-life.
For D-Link DNS-327L versions up to 20240403, consider retiring and replacing the product as it is end-of-life.

As a temporary workaround, consider restricting access to the /cgi-bin/info.cgi file to minimize the risk of exploitation.
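
One way to check that the access restriction holds is to audit the web access log of whatever fronts the device for requests to /cgi-bin/info.cgi from outside the management network. The script below is an added example, not part of the original advisory or any vendor tooling; it assumes a combined-format access log and a hypothetical management subnet (192.168.10.0/24), and the log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: hosts allowed to reach the NAS web interface.
MGMT_NETS = [ipaddress.ip_network("192.168.10.0/24")]
TARGET = "/cgi-bin/info.cgi"  # path named in the advisory

# Combined log format: client IP, method, request target, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Apr/2024:10:00:01 +0000] "GET /cgi-bin/info.cgi HTTP/1.1" 200 512',
    '192.168.10.5 - - [03/Apr/2024:10:00:05 +0000] "GET /cgi-bin/info.cgi HTTP/1.1" 200 512',
    '198.51.100.23 - - [03/Apr/2024:10:01:12 +0000] "GET /cgi-bin//%69nfo.cgi?x=1 HTTP/1.1" 403 0',
    '203.0.113.7 - - [03/Apr/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def normalize(target):
    """Reduce a request target to a canonical path so spelling variants compare equal."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query and fragment first
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    # Collapse //, /./ and /../; compare case-insensitively to over-report, not miss.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_managed(ip):
    """True only if the client address parses and falls inside MGMT_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or garbage in the IP field: treat as untrusted
    return any(addr in net for net in MGMT_NETS)

def audit(lines):
    """Return (client_ip, method, status) for info.cgi requests from outside MGMT_NETS."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        path = normalize(target)
        if (path == TARGET or path.startswith(TARGET + "/")) and not is_managed(ip):
            findings.append((ip, method, int(status)))
    return findings
```

A finding with status 200 means the request was served and the restriction is not effective for that source; a 403 shows the block working but still records the probe.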

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-03131
CVE-2024-3274

Affected Products

D-Link Dns-320
D-Link Dns-327L