1name: crowdsecurity/vpatch-CVE-2024-3273
2description: "D-LINK NAS Command Injection (CVE-2024-3273)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: cgi-bin/nas_sharing.cgi
12    - zones:
13      - METHOD
14      match:
15        type: equals
16        value: GET
17    - zones:
18      - ARGS_NAMES
19      transform:
20      - lowercase
21      match:
22        type: contains
23        value: system
24    - zones:
25      - ARGS
26      transform:
27      - lowercase
28      match:
29        type: contains
30        value: messagebus
31labels:
32  type: exploit
33  service: http
34  confidence: 3
35  spoofable: 0
36  behavior: "http:exploit"
37  label: "D-LINK NAS Command Injection"
38  classification:
39   - cve.CVE-2024-3273
40   - attack.T1595
41   - attack.T1190