cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10914,https://securityvulnerability.io/vulnerability/CVE-2024-10914,D-Link Routers Vulnerable to OS Command Injection Attacks,"A vulnerability exists in D-Link network attached storage devices, including the DNS-320, DNS-320LW, DNS-325, and DNS-340L, which allows for OS command injection. This issue arises in the cgi_user_add function of the /cgi-bin/account_mgr.cgi interface, where improper handling of the 'name' argument can be exploited. The attack can be executed remotely, although the complexity of successfully exploiting this vulnerability is relatively high and requires advanced knowledge. Public disclosure of the exploit amplifies the risk, necessitating immediate attention to secure affected devices.",D-Link,Dns-320 Firmware,9.8,CRITICAL,0.16929000616073608,false,,true,false,true,2024-11-08T14:21:09.000Z,true,true,true,2024-11-11T06:52:01.862Z,2024-11-06T14:15:00.000Z,9109
CVE-2024-3272,https://securityvulnerability.io/vulnerability/CVE-2024-3272,Remote Code Execution Risk in D-Link DNS-320L and DNS-340L,"A significant vulnerability has been identified in D-Link's DNS series of network attached storage devices, specifically affecting models DNS-320L, DNS-325, DNS-327L, and DNS-340L up to version 20240403. The issue resides in the processing of requests made to the file /cgi-bin/nas_sharing.cgi, particularly where the argument user is manipulated using the input messagebus. This manipulation can result in exposure of hard-coded credentials, potentially allowing unauthorized remote access to the affected systems.
As these products are no longer supported by D-Link, the vendor has confirmed that they have reached end-of-life status, and users are strongly advised to retire these products and migrate to supported alternatives.",D-link,"Dns-320l,Dns-325,Dns-327l,Dns-340l",9.8,CRITICAL,0.0625699982047081,true,2024-04-11T00:00:00.000Z,true,false,true,2024-04-09T13:30:53.000Z,true,true,false,,2024-04-04T01:15:00.000Z,4311
CVE-2024-3273,https://securityvulnerability.io/vulnerability/CVE-2024-3273,Command Injection Vulnerability in D-Link Network Attached Storage Devices,"A significant vulnerability has been identified in several models of D-Link Network Attached Storage devices, specifically in the HTTP GET request handler of the nas_sharing.cgi component. This vulnerability allows for command injection via manipulation of the 'system' argument, enabling remote attackers to execute arbitrary commands on the affected storage devices. The affected models, including DNS-320L, DNS-325, DNS-327L, and DNS-340L, are no longer supported by the vendor, confirming the necessity for users to migrate to newer hardware for security protection. This issue has been publicly disclosed, raising concerns for any users still operating these devices.",D-link,"Dns-320l,Dns-325,Dns-327l,Dns-340l",9.8,CRITICAL,0.9374099969863892,true,2024-04-11T00:00:00.000Z,true,true,true,2024-04-07T12:09:13.000Z,true,true,false,,2024-04-04T01:15:00.000Z,7987