PT-2024-21969 · D Link · D-Link Dir-3040

Published: 2024-03-29 · Updated: 2024-09-04 · CVE-2024-27619

CVSS v3.1: 7.3 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dlink Dir-3040us A1 version 1.20b03a hotfix

Description: The issue allows any user with read/write access to the FTP server to write directly to RAM, causing a buffer overflow if the uploaded file or files exceed the available RAM. The FTP server permits changing the directory to the root, which is one level up from the root of the USB flash directory. During upload, the RAM fills up, leading to system resource exhaustion and causing the system to crash and reboot.

Recommendations: For Dlink Dir-3040us A1 version 1.20b03a hotfix, as a temporary workaround, consider restricting access to the FTP server to minimize the risk of exploitation. Avoid using the FTP server to upload files larger than the available RAM until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2024-27619

Affected Products: D-Link Dir-3040