← back
CVE-2010-20121

EasyFTP Server <= 1.7.0.11 CWD Command Stack Buffer Overflow

CVSS 9.3 CRITICALEPSS 3.0%CWE-121
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3EPSS 3.0%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
16 Feb 2010Metasploit module available
21 Aug 2025Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
KMiNT21 Software · EasyFTP Server
public PoCs found7
cve_referencepaulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/unverifiedcve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rbunverifiedcve_referenceseclists.org/bugtraq/2010/Feb/202unverifiedcve_referencewww.exploit-db.com/exploits/11668unverifiedcve_referencewww.exploit-db.com/exploits/12312unverifiedcve_referencewww.exploit-db.com/exploits/14402unverifiedcve_referencewww.exploit-db.com/exploits/16737unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rbhttps://seclists.org/bugtraq/2010/Feb/202https://www.exploit-db.com/exploits/11668https://www.exploit-db.com/exploits/12312https://www.exploit-db.com/exploits/14402https://www.exploit-db.com/exploits/16737https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow