This Python script exploits a vulnerability (CVE-2024-3273) in D-Link NAS devices, allowing arbitrary command execution. It leverages the vulnerability to execute commands remotely on the affected devices.
- Executes arbitrary commands on D-Link NAS devices.
- Supports both single host and multiple hosts from a file.
- Concurrent execution of commands for improved efficiency.
- Option to specify the number of threads for concurrent execution.
- Option to specify a custom command to execute (default:
id). - Prints colored output for easy identification of vulnerable hosts and responses.
- Python 3.10
- Requests library (2.26.0)
- Colorama library (0.4.6)
python CVE-2024-3273.py [-h] [-u URL] [-f FILENAME] [-o OUTPUT] [-t THREAD] [-c COMMAND]
-u, --url: Specify the URL/IP of the target host.-f, --filename: Provide the path to a file containing a list of hosts.-o, --output: Specify the path to save vulnerable hosts.-t, --thread: Number of threads for concurrent execution (default: 5).-c, --command: Specify the command to run (default:id).
- adhikara13
This script is for educational purposes only. Use it at your own risk.