ID

VAR-202403-3225


CVE

CVE-2024-27619


TITLE

D-Link Dir-3040us Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-24535

DESCRIPTION

D-Link Dir-3040us A1 1.20b03a hotfix is vulnerable to buffer overflow. Any user with read/write access to the FTP server can write directly to RAM, causing a buffer overflow if the file or files uploaded are larger than the available RAM. The FTP server allows changing directory to root, which is one level above the root of the USB flash directory. During upload, RAM fills up and causes system resource exhaustion (no free memory), which causes the system to crash and reboot. D-Link Dir-3040us is a router. D-Link Dir-3040us has a denial of service vulnerability that can be exploited by an attacker to cause the system to crash and reboot.

Trust: 1.44

sources: NVD: CVE-2024-27619 // CNVD: CNVD-2024-24535

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-24535

AFFECTED PRODUCTS

vendor: d link model: dir-3040us a1 1.20b03a scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-24535

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-27619
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-24535
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-24535
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-27619
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-24535 // NVD: CVE-2024-27619

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2024-27619

EXTERNAL IDS

db: NVD id: CVE-2024-27619

Trust: 1.6

db: CNVD id: CNVD-2024-24535

Trust: 0.6

sources: CNVD: CNVD-2024-24535 // NVD: CVE-2024-27619

REFERENCES

url:http://dir-3040us.com

Trust: 1.0

url:https://github.com/ioprojecton/dir-3040_dos

Trust: 1.0

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-27619

Trust: 0.6

sources: CNVD: CNVD-2024-24535 // NVD: CVE-2024-27619

SOURCES

db: CNVD id: CNVD-2024-24535
db: NVD id: CVE-2024-27619

LAST UPDATE DATE

2024-09-05T23:05:54.078000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-24535 date: 2024-05-28T00:00:00
db: NVD id: CVE-2024-27619 date: 2024-09-04T17:35:03.770

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-24535 date: 2024-05-30T00:00:00
db: NVD id: CVE-2024-27619 date: 2024-03-29T15:15:11.057