logo_clicknbuy.png

CVE-2010-20121 – EasyFTP Server Stack-Based Buffer Overflow Vulnerability

The following table lists the changes that have been made to the
CVE-2010-20121 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 21, 2025

    Action Type Old Value New Value
    Added Description EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-121
    Added Reference https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/
    Added Reference https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb
    Added Reference https://seclists.org/bugtraq/2010/Feb/202
    Added Reference https://www.exploit-db.com/exploits/11668
    Added Reference https://www.exploit-db.com/exploits/12312
    Added Reference https://www.exploit-db.com/exploits/14402
    Added Reference https://www.exploit-db.com/exploits/16737
    Added Reference https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow
Share the Post:

Related Posts