← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-3272 — Actively Exploited: Multiple NAS Devices (D-Link)

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.

CVE IDCVE-2024-3272
VendorD-Link
ProductMultiple NAS Devices
Vulnerability nameD-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
Date added2024-04-11
Remediation due2024-05-02
Known ransomware useUnknown
Required actionThis vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.
DescriptionD-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →