CVE-2024-3274 Scanner
CVE-2024-3274 Scanner - Information Disclosure vulnerability in D-LINK DNS-320L, DNS-320LW, and DNS-327L
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
19 days 23 hours
Scan only one
Domain, IPv4
Toolbox
-
The D-LINK DNS-320L, DNS-320LW, and DNS-327L are network-attached storage devices used primarily by small businesses and home networks. These devices allow for the storage and sharing of files over a network, which can be accessed remotely. They are popular for their ease of use and efficient file management capabilities. Users span from individuals for personal file storage to small offices needing a central data repository. With features enabling remote access, these devices are integral in scenarios where data needs to be shared quickly and securely across users and locations.
This information disclosure vulnerability exposes sensitive data via an HTTP GET request. Attackers can exploit this by sending crafted requests to the affected "/cgi-bin/info.cgi" endpoint, retrieving configuration details that should not be publicly accessible. Information such as device model, build version, and MAC addresses can be disclosed, posing a potential risk for further exploitation. The vulnerability arises due to inadequate access control checks or improper handling of user input.
The technical root of the vulnerability lies within the HTTP GET request handler of the device, specifically in the "/cgi-bin/info.cgi" endpoint. This endpoint, when queried, can return sensitive information which should ideally be restricted. The response includes key-value pairs that contain device configuration details, which an unauthorized user could leverage to gather intelligence. The vulnerability is straightforward and can be checked by examining the HTTP status code and response body. In typical scenarios, a status code of 200 along with specific model details indicates the presence of this issue.
If this vulnerability is exploited, malicious individuals could gather sensitive network device configuration data. This exposure could lead to unauthorized access attempts, targeted attacks on the devices, or broader network security breaches. An attacker armed with disclosed device specifications and configurations might exploit other vulnerabilities or use the data for phishing or social engineering attacks. The integrity and confidentiality of the network could be compromised, risking both data loss and privacy concerns.
REFERENCES: