CVE-2024-27619: Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow.
Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot.
Security readout for executives and security teams
Plain-English summary
CVE-2024-27619 describes a crash condition in the Dlink DIR-3040US A1 1.20b03a hotfix FTP service. A user with FTP read/write access can upload enough data to exhaust memory, causing the router to crash and reboot. The business risk is service disruption, especially where affected routers support operations or remote connectivity.
Executive priority
Treat this as a high-priority availability risk for any affected router with FTP enabled. Prioritize exposure reduction and vendor guidance review, especially for routers supporting critical sites, remote access, or business continuity.
Technical view
The source describes a buffer overflow/resource exhaustion issue tied to FTP uploads exceeding available RAM. The FTP server reportedly permits directory traversal above the USB flash directory root, and large uploads fill memory until the device crashes. CVSS 3.1 is 7.3 with adjacent attack vector, low complexity, low privileges, no user interaction, high integrity and availability impact.
Likely exposure
Exposure appears limited to Dlink DIR-3040US A1 devices running 1.20b03a hotfix with FTP enabled and accessible to users who have read/write FTP access. The CVE affected-product metadata is incomplete, so inventories should be validated against the device model, hardware revision, firmware, and FTP configuration.
Exploitation context
The CVE is not listed as KEV in the provided bundle. A public GitHub reference is cited, but the provided sources do not prove active exploitation. Practical abuse requires network adjacency per CVSS and valid low-privilege FTP read/write access.
Researcher notes
The record labels this CWE-120, but the description emphasizes memory exhaustion during FTP upload and device reboot. Product metadata is incomplete in the CVE bundle, so avoid broad affected-version claims. No source in the bundle confirms code execution or active exploitation.
Mitigation direction
Check D-Link security bulletins for vendor guidance or firmware updates.
Disable FTP if it is not operationally required.
Restrict FTP access to trusted management networks only.
Remove unnecessary FTP accounts and read/write permissions.
Replace or isolate unsupported devices if no vendor fix is available.
Validation and detection
Inventory DIR-3040US A1 devices and record firmware versions.
Confirm whether firmware 1.20b03a hotfix is deployed.
Review whether FTP is enabled and reachable from adjacent networks.
Audit FTP users for read/write access.
Monitor affected routers for unexplained crashes or reboots.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-120: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-120 · source CWE mapping
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.