D-Link Dns 320l Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in D-Link Dns 320l Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in D-Link Dns 320l Firmware. Dns 320l Firmware did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 8.55 |
It may take a day or so for new Dns 320l Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent D-Link Dns 320l Firmware Security Vulnerabilities
Hardcoded creds via /cgi-bin/nas_sharing.cgi GET on D-Link DNS-3xx routers
CVE-2024-3272
9.8 - Critical
- April 04, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Use of Hard-coded Credentials
D-Link DNS320L/325/327L/340L HTTP GET Command Injection via nas_sharing.cgi
CVE-2024-3273
7.3 - High
- April 04, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for D-Link Dns 320l Firmware or by D-Link? Click the Watch button to subscribe.
