## https://sploitus.com/exploit?id=7CB33D3E-A1F4-5054-A15A-61EF7FE3AC56
# CVE-2024-10914 ported to rust and python
because why not

## what is this
cve-2024-10914 is a recently discovered vulnerability with a 9.8 (critical) score that affects some dlink routers. since those routers have reached end of life (eol), dlink refuses to patch this vulnerability because "stop being poor and just buy a new router".

## how does this work
the vulnerable devices expose an http endpoint, usually under `/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=<user_input>`. the `name` value is not properly sanitized: instead of strictly limiting or validating the input (only allowing alphanumeric characters), the application accepts any character, including the special characters used for command line operations, hence allowing for arbitrary code execution.

by inserting shell metacharacters (such as `;`, `|`, `&` or `$(command)`) in the name field, anyone can run shell commands with ease. for example:

`...name=admin'; echo 'get pwned bozo'; #`

all these scripts do is send a request with the name parameter changed to whatever code you want to run.

there's a pretty good video by fireship that explains it in more detail: https://www.youtube.com/watch?v=52v6gKPA4TM
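
a defender-side check for the injection described above, as an added example (not code from this repo or from the original poc): it scans web access logs for `cgi_user_add` requests whose decoded `name` fails the alphanumeric-only allow-list. the combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format assumed); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2024:10:01:02 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=backup01 HTTP/1.1" 200 12
192.0.2.77 - - [12/Nov/2024:10:05:40 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=admin%27%3B+echo+%27x%27%3B+%23 HTTP/1.1" 200 12
192.0.2.77 - - [12/Nov/2024:10:05:41 +0000] "GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%24%28id%29 HTTP/1.1" 200 12
192.0.2.10 - - [12/Nov/2024:10:06:00 +0000] "GET /web/index.html HTTP/1.1" 200 5
"""

# Assumed log layout: source address first, request line in double quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Allow-list from the text above: alphanumeric characters only.
SAFE_NAME = re.compile(r"[A-Za-z0-9]+")

def is_valid_name(name):
    """True only if the whole value is alphanumeric (empty is rejected)."""
    return bool(SAFE_NAME.fullmatch(name))

def find_suspicious(log_text):
    """Return (source, decoded_name) for each cgi_user_add request with a bad name."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        src, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/account_mgr.cgi"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if "cgi_user_add" not in params.get("cmd", []):
            continue
        # A request with no name parameter is treated as an empty (invalid) name.
        for name in params.get("name", [""]):
            if not is_valid_name(name):
                hits.append((src, name))
    return hits

if __name__ == "__main__":
    for src, name in find_suspicious(SAMPLE_LOG):
        print(f"{src} sent name={name!r}")
```

since the firmware itself will not be patched, the same allow-list can be enforced in a reverse proxy in front of the device, or the management interface can be kept off untrusted networks entirely.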

## how 2 use:

first you need to have a vulnerable device, some models include:
- DNS-320 (Version 1.00)
- DNS-320LW (Version 1.01.0914.2012)
- DNS-325 (Versions 1.01, 1.02)
- DNS-340L (Version 1.08)

i strongly advise against using this script against someone else without their consent, please only do this stuff if you own the router or you have the owner's consent

### rust
- if you already know the device ip address:
> `cargo run -- -u http://<device ip address>`
- if you want to perform a quick network scan:
> `cargo run`

### python
- first install dependencies
> `pip install -r requirements.txt`
- if you already know the device ip address:
> `python main.py -u http://<device ip address>`
- if you want to perform a quick network scan:
> `python main.py`

then follow instructions

## credits

i did not come up with the original code, [verylazytech](https://github.com/verylazytech/) did. i only ported it to rust and python because why the fuck not. of course all credit goes to him and any other person involved in the discovery of this exploit.

https://github.com/verylazytech/CVE-2024-10914/