Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-3274Sensitive Information Exposure in D-link Dns-320l

CWE-200Sensitive Information ExposureCWE-908Use of Uninitialized Resource5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
57.9%
top 1.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
D-link Dns-320lD-link Dns-320lwD-link Dns-327l
Timeline
PublishedApr 4

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE:

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5d-link/dns-320lw20240403
CVEListV5d-link/dns-320l20240403
CVEListV5d-link/dns-327l20240403

🔴Vulnerability Details

2
GHSA
GHSA-gfv4-5h96-2r6f: A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic2024-04-04
CVEList
D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure2024-04-04

💥Exploits & PoCs

1
Nuclei
D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
CVE-2024-3274 — Sensitive Information Exposure | cvebase