What is CVE-2024-3273?

A critical command injection vulnerability exists in several D-Link NAS devices. It allows remote attackers to execute arbitrary commands. Immediate action is required to mitigate risks associated with this vulnerability.

What is the severity of CVE-2024-3273?

CVE-2024-3273 has a severity rating of HIGH with a CVSS base score of 7.3.

CVE-2024-3273 | High Vulnerability in D-Link Multiple NAS Devices

Q: Is CVE-2024-3273 in CISA KEV?

Yes. CVE-2024-3273 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

This vulnerability allows remote attackers to exploit a command injection flaw in D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices. The vulnerability has been classified as high severity with a CVSS score of 7.3. This means that organizations using these devices are at significant risk, especially since the vulnerability affects products that are no longer supported by the vendor.

Risk to organizations includes unauthorized remote code execution, which can lead to a complete compromise of the affected systems. The exploit has been publicly disclosed, raising the urgency for organizations to take action before they become targets.

Given the critical nature of this vulnerability and its potential impact, organizations should prioritize patching immediately. The vendor has confirmed that these devices have reached their end-of-life, indicating a strong need for replacement.

Organizations using these models should assess their exposure and consider immediate remediation strategies to mitigate risks.

Vulnerability Details

CVE-2024-3273 is a critical command injection vulnerability found in D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices. The vulnerability is identified in the HTTP GET Request Handler component where manipulation of the 'system' argument can lead to arbitrary command execution. This vulnerability has been disclosed publicly and has a CVSS score of 7.3, indicating high severity.

The affected products are all versions prior to 20240403. Given that these devices are no longer supported, organizations should consider transitioning to newer, supported devices.

Technical Analysis

The root cause of this vulnerability lies in improper handling of user input within the CGI script located at /cgi-bin/nas_sharing.cgi. The attack vector is network-based, allowing unauthenticated remote attackers to exploit the flaw without any user interaction required.

The attack complexity is low, and no privileges are required to execute the attack. The vulnerability affects confidentiality, integrity, and availability, each with low impact due to the nature of command injection.

Risk & Impact Analysis

Real-world deployment risk is significant, as the affected devices are commonly used in home and small business environments. Exploitation could lead to unauthorized access to sensitive data or complete system compromise, allowing attackers to leverage these devices for further attacks within the network.

Organizations should assess the blast radius of this vulnerability, as the potential for lateral movement within networks could lead to greater risks.

Given the high CVSS score and the fact that this vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog, organizations must act swiftly and prioritize remediation efforts.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

Affected products include D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L with firmware versions up to 20240403. All versions prior to the vendor patch are vulnerable.

Mitigation & Remediation

To remediate this vulnerability, organizations should retire and replace the affected devices as they are no longer supported by the vendor. For further guidance on security practices, organizations can consider engaging in penetration testing services to ensure their environment is secure.

Detection Guidance

To detect exploitation attempts, organizations should monitor logs for unusual HTTP GET requests to /cgi-bin/nas_sharing.cgi, check for command execution anomalies, and review system changes that could indicate exploitation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2024-3273 lies in its demonstration of the vulnerabilities inherent in unsupported devices. Organizations must recognize the potential for attackers to exploit such weaknesses, particularly in legacy systems. This vulnerability is indicative of a broader trend of targeting outdated hardware, and security teams should prioritize upgrading to supported products and maintaining an updated inventory of all devices.

To stay ahead of such vulnerabilities, organizations should implement a penetration testing methodology to continually assess their security posture.

Additionally, organizations can benefit from establishing a vulnerability management program to address risks associated with outdated systems and ensure timely remediation efforts.

By understanding the implications of vulnerabilities like CVE-2024-3273, organizations can better prepare their defenses against evolving threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-3273: High Vulnerability in D-Link Multiple NAS Devices