CVE-2024-3272

CRITICAL CISA KEV
Published Apr 4, 2024 Modified Oct 30, 2025 CWE-798

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Apr 11, 2024 Remediation due: May 2, 2024

Weakness Type (CWE)

CWE-798 CWE-798

Affected Products

Vendor Product
dlink dns-320l_firmware
dlink dns-320l_firmware
dlink dns-320l_firmware
dlink dns-320l
dlink dns-120_firmware
dlink dns-120
dlink dnr-202l_firmware
dlink dnr-202l
dlink dns-315l_firmware
dlink dns-315l
dlink dns-320_firmware
dlink dns-320
dlink dns-320lw_firmware
dlink dns-320lw
dlink dns-321
dlink dns-321_firmware
dlink dnr-322l
dlink dnr-322l_firmware
dlink dns-323_firmware
dlink dns-323
dlink dns-325_firmware
dlink dns-325
dlink dns-326_firmware
dlink dns-326
dlink dns-327l_firmware
dlink dns-327l_firmware
dlink dns-327l
dlink dnr-326_firmware
dlink dnr-326
dlink dns-340l_firmware
dlink dns-340l
dlink dns-343
dlink dns-343_firmware
dlink dns-345
dlink dns-345_firmware
dlink dns-726-4
dlink dns-726-4_firmware
dlink dns-1100-4
dlink dns-1100-4_firmware
dlink dns-1200-05
dlink dns-1200-05_firmware
dlink dns-1550-04
dlink dns-1550-04_firmware

References

Frequently Asked Questions

What is CVE-2024-3272? +
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. It has a CVSS v3.1 base score of 9.8 (CRITICAL). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
How severe is CVE-2024-3272? +
CVE-2024-3272 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2024-3272? +
CVE-2024-3272 affects products from dlink, specifically: dnr-202l, dnr-202l_firmware, dnr-322l, dnr-322l_firmware, dnr-326, dnr-326_firmware, dns-1100-4, dns-1100-4_firmware, dns-120, dns-1200-05, dns-1200-05_firmware, dns-120_firmware, dns-1550-04, dns-1550-04_firmware, dns-315l, dns-315l_firmware, dns-320, dns-320_firmware, dns-320l, dns-320l_firmware, dns-320lw, dns-320lw_firmware, dns-321, dns-321_firmware, dns-323, dns-323_firmware, dns-325, dns-325_firmware, dns-326, dns-326_firmware, dns-327l, dns-327l_firmware, dns-340l, dns-340l_firmware, dns-343, dns-343_firmware, dns-345, dns-345_firmware, dns-726-4, dns-726-4_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-3272? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-3426

We observed that Intellispace Portal binaries doesn’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is …
CVE-2025-4049

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate …
CVE-2025-4569

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could …
CVE-2025-4570

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could …
CVE-2025-4041

In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize …
CVE-2025-2394

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-3272 — free, no signup required.

Start Free Scan