CVE-2024-27619
Summary
| CVE | CVE-2024-27619 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-03-29 15:15:11 UTC |
| Updated | 2026-07-09 01:18:57 UTC |
| Description | Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot. |
Risk And Classification
Primary CVSS: v3.1 7.3 HIGH from ADP
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.008430000 probability, percentile 0.535870000 (date 2026-07-09)
Problem Types: CWE-120 | n/a | CWE-120 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 7.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
AdjacentAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
HighAvailability
HighCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Dlink | Dir-3040 Firmware | affected 1.20b03 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin | D-Link | af854a3a-2127-422b-91ae-364da2661108 | www.dlink.com | |
| GitHub - ioprojecton/dir-3040_dos: CVE-2024-27619 | af854a3a-2127-422b-91ae-364da2661108 | github.com | |
| dgs888 เดิมพันออนไลน์ที่ดีที่สุดในปี 2024 | MITRE | dir-3040us.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.