## https://sploitus.com/exploit?id=58A97D55-6D3E-5FD9-B3B9-692F7FB64167
# CVE-2024-10914: Critical Command Injection Vulnerability in D-Link NAS Devices
## Description
CVE-2024-10914 is a critical command injection vulnerability affecting legacy D-Link Network Attached Storage (NAS) devices. This flaw, with a **CVSS score of 9.2**, allows unauthenticated attackers to execute arbitrary shell commands by exploiting improper input validation in the `cgi_user_add` command.
The vulnerability can be triggered remotely using a specially crafted HTTP GET request, making it highly exploitable.
## Affected Devices
This vulnerability impacts the following D-Link NAS models:
- **DNS-320**: Firmware version 1.00
- **DNS-320LW**: Version 1.01.0914.2012
- **DNS-325**: Versions 1.01 and 1.02
- **DNS-340L**: Version 1.08