CVE-2024-3273D-Link Multiple NAS Devices Command Injection Vulnerability

PUBLISHEDvulnerability record
2024-04-11 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2024-3273
Project:
D-Link
Product:
Multiple NAS Devices
Date Added:
2024-04-11
Due Date:
2024-05-02
Last Updated:
June 21, 2025

Vulnerability Name

D-Link Multiple NAS Devices Command Injection Vulnerability

Description

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses