Loading...

CVE-2024-10914 Scanner

Check for command injection vulnerability in D-Link NAS devices

Target Information
Vulnerability Information
CVE-2024-10914: Command Injection

Command injection vulnerability in D-Link NAS devices via account_mgr.cgi script. Allows remote attackers to execute arbitrary commands through the 'name' parameter.

Impact
  • Remote code execution (root)
  • Unauthorized access
  • Data theft risk
Technical Details
  • Type: Command Injection
  • Vector: Remote
  • Auth: Not Required
  • CVSS: 9.8 (Critical)
Vulnerable Devices
Select a device to view detailed information
DNS-320
Firmware: 1.00

2-Bay NAS • RAID 0/1 • Gigabit • USB 2.0

cpe:2.3:h:d-link:dns-320:*:*:*:*:*:*:*:*
DNS-320LW
Firmware: 1.01.0914.2012

2-Bay NAS • Wireless N • Gigabit • USB 2.0

cpe:2.3:h:d-link:dns-320lw:*:*:*:*:*:*:*:*
DNS-325
Firmware: 1.01, 1.02

2-Bay NAS • RAID 0/1 • Gigabit • USB 2.0/3.0

cpe:2.3:h:d-link:dns-325:*:*:*:*:*:*:*:*
DNS-340L
Firmware: 1.08

4-Bay NAS • RAID 0/1/5/10 • Gigabit • USB 2.0/3.0

cpe:2.3:h:d-link:dns-340l:*:*:*:*:*:*:*:*
Warning
Important Notice
  • This tool is designed for security testing and vulnerability assessment purposes only
  • Do not use this tool for unauthorized access or malicious attacks
  • Always obtain proper authorization before testing any system
  • Users are responsible for their actions and must comply with applicable laws
  • This tool is provided "as is" without any warranty
Scan History
Reference: This tool and detection logic are based on the open-source project ThemeHackers/CVE-2024-10914 by ThemeHackers.