CVE-2010-20121
EasyFTP Server <= 1.7.0.11 CWD Command Stack Buffer Overflow
Vexday Risk Score
63Prioridade alta
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 9.3EPSS 3.0%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Ciclo de vida
16 fev 2010Exploit Metasploit disponível
21 ago 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
KMiNT21 Software · EasyFTP ServerPoCs públicas encontradas — 7
cve_referencepaulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/não verificadocve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rbnão verificadocve_referenceseclists.org/bugtraq/2010/Feb/202não verificadocve_referencewww.exploit-db.com/exploits/11668não verificadocve_referencewww.exploit-db.com/exploits/12312não verificadocve_referencewww.exploit-db.com/exploits/14402não verificadocve_referencewww.exploit-db.com/exploits/16737não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rbhttps://seclists.org/bugtraq/2010/Feb/202https://www.exploit-db.com/exploits/11668https://www.exploit-db.com/exploits/12312https://www.exploit-db.com/exploits/14402https://www.exploit-db.com/exploits/16737https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow