https://github.com/netsecfish/dlink Skip to content Toggle navigation Sign in * Product + Actions Automate any workflow + Packages Host and manage packages + Security Find and fix vulnerabilities + Codespaces Instant dev environments + Copilot Write better code with AI + Code review Manage code changes + Issues Plan and track work + Discussions Collaborate outside of code Explore + All features + Documentation + GitHub Skills + Blog * Solutions For + Enterprise + Teams + Startups + Education By Solution + CI/CD & Automation + DevOps + DevSecOps Resources + Learning Pathways + White papers, Ebooks, Webinars + Customer Stories + Partners * Open Source + GitHub Sponsors Fund open source developers + The ReadME Project GitHub community articles Repositories + Topics + Trending + Collections * Pricing Search or jump to... Search code, repositories, users, issues, pull requests... Search [ ] Clear Search syntax tips Provide feedback We read every piece of feedback, and take your input very seriously. [ ] [ ] Include my email address so I can be contacted Cancel Submit feedback Saved searches Use saved searches to filter your results more quickly Name [ ] Query [ ] To see all available qualifiers, see our documentation. Cancel Create saved search Sign in Sign up You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert {{ message }} netsecfish / dlink Public * Notifications * Fork 3 * Star 17 * 17 stars 3 forks Branches Tags Activity Star Notifications * Code * Issues 0 * Pull requests 0 * Actions * Projects 0 * Security * Insights Additional navigation options * Code * Issues * Pull requests * Actions * Projects * Security * Insights netsecfish/dlink This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. main BranchesTags Go to file Code Folders and files Name Name Last commit message Last commit date Latest commit History 5 Commits README.md README.md dns-320.jpg dns-320.jpg fofa-result.png fofa-result.png View all files Repository files navigation * README Command Injection and Backdoor Account in D-Link NAS Devices Vulnerability Summary: The described vulnerability affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the system parameter. This exploitation could lead to arbitrary command execution on the affected D-Link NAS devices, granting attackers potential access to sensitive information, system configuration alteration, or denial of service, by specifying a command,affecting over 92,000 devices on the Internet. Untitled Corresponding CWE CWE-77 (Command Injection) and CWE-798 (Use of Hard-coded Credentials). Affected Devices: * DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013 * DNS-325 Version 1.01 * DNS-327L Version 1.09, Version 1.00.0409.2013 * DNS-340L Version 1.08 Vulnerability Details: The vulnerability exists in the nas_sharing.cgi CGI script, which leads to: 1. Backdoor through Username and Password Exposure: The request includes parameters for a username (user=messagebus) and an empty password field (passwd=). This indicates a backdoor allowing unauthorized access without proper authentication. 2. Command Injection through the System Parameter: The system parameter within the request carries a base64 encoded value that, when decoded, appears to be a command. Exploitation: Craft Malicious HTTP Request: Prepare an HTTP GET request targeting the /cgi-bin/nas_sharing.cgi endpoint. GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system= Actual Result Untitled Impact: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions. Fix Recommendation: * Apply available patches and updates from the device manufacturer. About No description, website, or topics provided. Resources Readme Activity Stars 17 stars Watchers 1 watching Forks 3 forks Report repository Releases No releases published Packages 0 No packages published Footer (c) 2024 GitHub, Inc. Footer navigation * Terms * Privacy * Security * Status * Docs * Contact * Manage cookies * Do not share my personal information You can't perform that action at this time.