1name: crowdsecurity/vpatch-CVE-2024-3272
2description: " D-Link NAS - RCE (CVE-2024-3272)" #UPDATE THIS
3rules:
4  - and:
5      - zones:
6          - METHOD
7        match:
8          type: equals
9          value: GET
10      - zones:
11          - URI
12        transform:
13          - lowercase
14        match:
15          type: endsWith
16          value: /cgi-bin/nas_sharing.cgi
17      - zones:
18          - ARGS
19        variables:
20          - cmd
21        transform:
22          - lowercase
23        match:
24          type: equals
25          value: "15"
26      - zones:
27          - ARGS_NAMES
28        match:
29          type: equals
30          value: system
31labels:
32  type: exploit
33  service: http
34  confidence: 3
35  spoofable: 0
36  behavior: "http:exploit"
37  label: "D-Link NAS - RCE"
38  classification:
39    - cve.CVE-2024-3272
40    - attack.T1595
41    - attack.T1190
42    - cwe.CWE-287
43