CVE-2010-20121
EasyFTP Server <= 1.7.0.11 CWD Command Stack Buffer Overflow
Vexday Risk Score
63Prioridad alta
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.3EPSS 3.0%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Ciclo de vida
16 feb 2010Exploit Metasploit disponible
21 ago 2025Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
KMiNT21 Software · EasyFTP ServerPoCs públicas encontradas — 7
cve_referencepaulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/no verificadocve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rbno verificadocve_referenceseclists.org/bugtraq/2010/Feb/202no verificadocve_referencewww.exploit-db.com/exploits/11668no verificadocve_referencewww.exploit-db.com/exploits/12312no verificadocve_referencewww.exploit-db.com/exploits/14402no verificadocve_referencewww.exploit-db.com/exploits/16737no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rbhttps://seclists.org/bugtraq/2010/Feb/202https://www.exploit-db.com/exploits/11668https://www.exploit-db.com/exploits/12312https://www.exploit-db.com/exploits/14402https://www.exploit-db.com/exploits/16737https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow