{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-27619", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-04T16:12:50.126Z", "dateReserved": "2024-02-26T00:00:00.000Z", "datePublished": "2024-03-29T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-29T14:12:33.319Z"}, "descriptions": [{"lang": "en", "value": "Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "http://dir-3040us.com"}, {"url": "https://github.com/ioprojecton/dir-3040_dos"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.486Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["x_transferred"]}, {"url": "http://dir-3040us.com", "tags": ["x_transferred"]}, {"url": "https://github.com/ioprojecton/dir-3040_dos", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "affected": [{"vendor": "dlink", "product": "dir-3040_firmware", "cpes": ["cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.20b03", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T16:04:38.318016Z", "id": "CVE-2024-27619", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T16:12:50.126Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["x_transferred"]}, {"url": "http://dir-3040us.com", "tags": ["x_transferred"]}, {"url": "https://github.com/ioprojecton/dir-3040_dos", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.486Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27619", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T16:04:38.318016Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:dlink:dir-3040_firmware:1.20b03:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "dir-3040_firmware", "versions": [{"status": "affected", "version": "1.20b03"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T19:39:08.545Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.dlink.com/en/security-bulletin/"}, {"url": "http://dir-3040us.com"}, {"url": "https://github.com/ioprojecton/dir-3040_dos"}], "descriptions": [{"lang": "en", "value": "Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-29T14:12:33.319Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27619", "state": "PUBLISHED", "dateUpdated": "2024-09-04T16:12:50.126Z", "dateReserved": "2024-02-26T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-29T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot."}, {"lang": "es", "value": "La revisi\u00f3n Dlink Dir-3040us A1 1.20b03a es vulnerable al desbordamiento del b\u00fafer. Cualquier usuario que tenga acceso de lectura/escritura al servidor ftp puede escribir directamente en la RAM, provocando un desbordamiento del b\u00fafer si el archivo o los archivos cargados son mayores que la RAM disponible. El servidor Ftp permite cambiar el directorio a la ra\u00edz, que est\u00e1 un nivel por encima de la ra\u00edz del directorio flash USB. Durante la carga, la RAM se llena y provoca que se agoten los recursos del sistema (no hay memoria libre), lo que provoca que el sistema falle y se reinicie."}], "id": "CVE-2024-27619", "lastModified": "2024-11-21T09:04:48.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-29T15:15:11.057", "references": [{"source": "cve@mitre.org", "url": "http://dir-3040us.com"}, {"source": "cve@mitre.org", "url": "https://github.com/ioprojecton/dir-3040_dos"}, {"source": "cve@mitre.org", "url": "https://www.dlink.com/en/security-bulletin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dir-3040us.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/ioprojecton/dir-3040_dos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}