CVE-2024-3272 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

Exp

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Published: 2024-04-04 Last update: 2025-10-30 Assigner: [email protected] Source: [email protected]

NVD Status：Analyzed，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2024-3272

KEV EPSS CVSS CWE Exploit-DB Affected

Conclusion & alert: CVE-2024-3272 is rated Critical Active Threat (99.1/100): CVSS Critical severity, with high exploitation likelihood (EPSS 94.11%, 100th percentile). Core evidence: CISA KEV confirms active exploitation (added 2024-04-11) affecting D-Link / Multiple NAS Devices. a weakness (CWE-798) Unauthenticated remote administrative access may be possible. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

CISA KEV Record for CVE-2024-3272

Name: D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability · CISA KEV detail

Exploit added: 2024-04-11

Action due: 2024-05-02

Required action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Public exploit references (Exploit-DB) for CVE-2024-3272

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2024-3272

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-08	94.19%	94.11%	-0.08%
2	2025-11-21	93.60%	94.19%	+0.59%
3	2025-11-18	—	93.60%	—

Full EPSS history (20 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-3272

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.8	3.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	5.9	[email protected]
9.8	3.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	5.9	[email protected]
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Weakness enumeration for CVE-2024-3272

CWE-798 MITRE ↗

Affected software / configurations for CVE-2024-3272

Vendor	Product	Version	Raw CPE
dlink	dns-320l_firmware	1.01.0702.2013	cpe:2.3:o:dlink:dns-320l_firmware:1.01.0702.2013:::::::*
dlink	dns-320l_firmware	1.03.0904.2013	cpe:2.3:o:dlink:dns-320l_firmware:1.03.0904.2013:::::::*
dlink	dns-320l_firmware	1.11	cpe:2.3:o:dlink:dns-320l_firmware:1.11:::::::*
dlink	dns-120_firmware	—	cpe:2.3:o:dlink:dns-120_firmware:-:::::::*
dlink	dnr-202l_firmware	—	cpe:2.3:o:dlink:dnr-202l_firmware:-:::::::*
dlink	dns-315l_firmware	—	cpe:2.3:o:dlink:dns-315l_firmware:-:::::::*
dlink	dns-320_firmware	—	cpe:2.3:o:dlink:dns-320_firmware:-:::::::*
dlink	dns-320lw_firmware	—	cpe:2.3:o:dlink:dns-320lw_firmware:-:::::::*
dlink	dns-321_firmware	—	cpe:2.3:o:dlink:dns-321_firmware:-:::::::*
dlink	dnr-322l_firmware	—	cpe:2.3:o:dlink:dnr-322l_firmware:-:::::::*
dlink	dns-323_firmware	—	cpe:2.3:o:dlink:dns-323_firmware:-:::::::*
dlink	dns-325_firmware	1.01	cpe:2.3:o:dlink:dns-325_firmware:1.01:::::::*
dlink	dns-326_firmware	—	cpe:2.3:o:dlink:dns-326_firmware:-:::::::*
dlink	dns-327l_firmware	1.00.0409.2013	cpe:2.3:o:dlink:dns-327l_firmware:1.00.0409.2013:::::::*
dlink	dns-327l_firmware	1.09	cpe:2.3:o:dlink:dns-327l_firmware:1.09:::::::*
dlink	dnr-326_firmware	—	cpe:2.3:o:dlink:dnr-326_firmware:-:::::::*
dlink	dns-340l_firmware	1.08	cpe:2.3:o:dlink:dns-340l_firmware:1.08:::::::*
dlink	dns-343_firmware	—	cpe:2.3:o:dlink:dns-343_firmware:-:::::::*
dlink	dns-345_firmware	—	cpe:2.3:o:dlink:dns-345_firmware:-:::::::*
dlink	dns-726-4_firmware	—	cpe:2.3:o:dlink:dns-726-4_firmware:-:::::::*
dlink	dns-1100-4_firmware	—	cpe:2.3:o:dlink:dns-1100-4_firmware:-:::::::*
dlink	dns-1200-05_firmware	—	cpe:2.3:o:dlink:dns-1200-05_firmware:-:::::::*
dlink	dns-1550-04_firmware	—	cpe:2.3:o:dlink:dns-1550-04_firmware:-:::::::*

References for CVE-2024-3272

URL	Tags
https://github.com/netsecfish/dlink	Exploit Third Party Advisory
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383	Vendor Advisory
https://vuldb.com/?ctiid.259283	Permissions Required
https://vuldb.com/?id.259283	Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-3272	US Government Resource

cvelogic Threat Intelligence