CVE-2024-27619 - Vulnerability Details - OpenCVE

Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
http://dir-3040us.com
https://github.com/ioprojecton/dir-3040_dos
https://www.dlink.com/en/security-bulletin/

History

Wed, 04 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-29T00:00:00

Updated: 2024-09-04T16:12:50.126Z

Reserved: 2024-02-26T00:00:00

Link: CVE-2024-27619

Vulnrichment

Updated: 2024-08-02T00:34:52.486Z

NVD

Status : Awaiting Analysis

Published: 2024-03-29T15:15:11.057

Modified: 2024-11-21T09:04:48.367

Link: CVE-2024-27619

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-27619", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-04T16:12:50.126Z", "dateReserved": "2024-02-26T00:00:00", "datePublished": "2024-03-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-29T14:12:33.319334"}, "descriptions": [{"lang": "en", "value": "Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "http://dir-3040us.com"}, {"url": "https://github.com/ioprojecton/dir-3040_dos"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.486Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["x_transferred"]}, {"url": "http://dir-3040us.com", "tags": ["x_transferred"]}, {"url": "https://github.com/ioprojecton/dir-3040_dos", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "affected": [{"vendor": "dlink", "product": "dir-3040_firmware", "cpes": ["cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.20b03", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T16:04:38.318016Z", "id": "CVE-2024-27619", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T16:12:50.126Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["x_transferred"]}, {"url": "http://dir-3040us.com", "tags": ["x_transferred"]}, {"url": "https://github.com/ioprojecton/dir-3040_dos", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.486Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27619", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T16:04:38.318016Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "dir-3040_firmware", "versions": [{"status": "affected", "version": "1.20b03"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:39:08.545Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "http://dir-3040us.com"}, {"url": "https://github.com/ioprojecton/dir-3040_dos"}], "descriptions": [{"lang": "en", "value": "Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-29T14:12:33.319334"}}}, "cveMetadata": {"cveId": "CVE-2024-27619", "state": "PUBLISHED", "dateUpdated": "2024-09-04T16:12:50.126Z", "dateReserved": "2024-02-26T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-29T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot."}, {"lang": "es", "value": "La revisi\u00f3n Dlink Dir-3040us A1 1.20b03a es vulnerable al desbordamiento del b\u00fafer. Cualquier usuario que tenga acceso de lectura/escritura al servidor ftp puede escribir directamente en la RAM, provocando un desbordamiento del b\u00fafer si el archivo o los archivos cargados son mayores que la RAM disponible. El servidor Ftp permite cambiar el directorio a la ra\u00edz, que est\u00e1 un nivel por encima de la ra\u00edz del directorio flash USB. Durante la carga, la RAM se llena y provoca que se agoten los recursos del sistema (no hay memoria libre), lo que provoca que el sistema falle y se reinicie."}], "id": "CVE-2024-27619", "lastModified": "2024-11-21T09:04:48.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-29T15:15:11.057", "references": [{"source": "cve@mitre.org", "url": "http://dir-3040us.com"}, {"source": "cve@mitre.org", "url": "https://github.com/ioprojecton/dir-3040_dos"}, {"source": "cve@mitre.org", "url": "https://www.dlink.com/en/security-bulletin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dir-3040us.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/ioprojecton/dir-3040_dos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}