This repo contains a proof-of-concept (PoC) exploit for a critical vulnerability affecting D-Link NAS devices. The bug, tracked as CVE-2024-10914, impacts the following models:
- D-Link DNS-320
- D-Link DNS-320LW
- D-Link DNS-325
- D-Link DNS-340L
The vulnerability is in a function called cgi_user_add, which is part of the /cgi-bin/account_mgr.cgi script.
The bug happens because the name parameter isn't properly checked before it’s used in system commands.
This lets an attacker send malicious input (OS commands) in the name field to execute anything they want on the device.
For example an attacker can send/execute an id command through the path of the name field /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27
This PoC is only for testing and learning purposes. I’m not responsible for any illegal or harmful use of this code. Always act responsibly when researching or testing vulnerabilities.