Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 2, 2024

CVE-2024-3273

High
EPSS 94.4%CISA KEV
D-Link/Multiple NAS Devices

Description

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.

EPSS — Exploit Probability

94.4%

Higher than 100.0% of all CVEs

Required Action

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; https://nvd.nist.gov/vuln/detail/CVE-2024-3273

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
94.4%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Apr 11, 2024

Added to KEV

Apr 11, 2024

Remediation Due

May 2, 2024

Affected Product

D-Link

Multiple NAS Devices

View all D-Link CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE