CVE-2010-20121

Critical

Description

EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”

References

https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow

https://www.exploit-db.com/exploits/16737

https://www.exploit-db.com/exploits/14402

https://www.exploit-db.com/exploits/12312

https://www.exploit-db.com/exploits/11668

https://seclists.org/bugtraq/2010/Feb/202

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb

https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/

Details

Source: Mitre, NVD

Published: 2025-08-21

Updated: 2025-08-22

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.0066