CVE-2020-26130

high

Description

Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary.

References

https://sourceforge.net/projects/tftp-server/

https://github.com/an0ry/advisories

https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26130.md

Details

Source: Mitre, NVD

Published: 2020-10-28

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00139