ET WEB_SPECIFIC_APPS D-Link NAS devices Backdoor Account Access and Command Injection Attempt (CVE-2024-3273)

SID: 2051955Rev: 126 viewsHistory

Sourceet/open

CreatedApril 8, 2024

UpdatedApril 8, 2024

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS D-Link NAS devices Backdoor Account Access and Command Injection Attempt (CVE-2024-3273)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi-bin/nas_sharing.cgi?"; startswith; content:"user|3d|messagebus"; fast_pattern; content:"passwd|3d|"; content:"cmd|3d|15"; content:"system|3d|"; reference:url,supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; reference:cve,2024-3273; classtype:attempted-admin; sid:2051955; rev:1; metadata:affected_product D_Link, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_04_08, cve CVE_2024_3273, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_04_08, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services; target:dest_ip;)

References

url	supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
cve	2024-3273

Metadata

affected productD_Link

attack targetNetworking_Equipment

tls stateplaintext

created at2024_04_08

cveCVE-2024-3273

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagCISA_KEV

updated at2024_04_08

mitre tactic idTA0008

mitre tactic nameLateral_Movement

mitre technique idT1210

mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!