CVE-2010-20121 — CRITICAL (9.8)

Q: How severe is CVE-2010-20121?

CVE-2010-20121 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2010-20121?

Check the references section above for vendor advisories and patch information. Affected products include: Easyftp Server Project Easyftp Server.

Vulnerability Description

EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Easyftp Server Project	Easyftp Server	< 1.7.0.12

Related Weaknesses (CWE)

CWE-121

References

https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-aExploitThird Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/expExploit
https://seclists.org/bugtraq/2010/Feb/202ExploitMailing ListThird Party Advisory
https://www.exploit-db.com/exploits/11668ExploitVDB Entry
https://www.exploit-db.com/exploits/12312ExploitVDB Entry
https://www.exploit-db.com/exploits/14402ExploitVDB Entry
https://www.exploit-db.com/exploits/16737ExploitVDB Entry
https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-oveThird Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/expExploit
https://seclists.org/bugtraq/2010/Feb/202ExploitMailing ListThird Party Advisory
https://www.exploit-db.com/exploits/11668ExploitVDB Entry
https://www.exploit-db.com/exploits/12312ExploitVDB Entry
https://www.exploit-db.com/exploits/14402ExploitVDB Entry
https://www.exploit-db.com/exploits/16737ExploitVDB Entry

FAQ

What is CVE-2010-20121?

CVE-2010-20121 is a vulnerability with a CVSS score of 9.8 (CRITICAL). EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to pr...

How severe is CVE-2010-20121?

CVE-2010-20121 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2010-20121?

Check the references section above for vendor advisories and patch information. Affected products include: Easyftp Server Project Easyftp Server.