CVE-2002-2353
tftpd32 2.50 and 2.50.2 - Unauthenticated Arbitrary File Read and Write via GET and PUT Requests
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-2353. PoCs published by Aviram Jenik.
AI-analyzed exploit summary This exploit demonstrates arbitrary file read/write via TFTP in Tftpd32 due to lack of authentication or path restrictions. An attacker can download sensitive files (e.g., boot.ini) or upload malicious files to the system.
Description
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Aviram Jenik · textremotewindows
https://www.exploit-db.com/exploits/22024
This exploit demonstrates arbitrary file read/write via TFTP in Tftpd32 due to lack of authentication or path restrictions. An attacker can download sensitive files (e.g., boot.ini) or upload malicious files to the system.
Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
Tftpd32 (version not specified)
No auth needed
Prerequisites:
Network access to the TFTP server · Tftpd32 running with insecure default configuration
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/632633
Exploit x_refsource_misc
http://www.securiteam.com/windowsntfocus/6D00D2061G.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10646.php
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6198
Various Sources x_refsource_confirm
http://tftpd32.jounin.net/
Scores
EPSS
0.0702
EPSS Percentile
93.4%
Details
CWE
CWE-264
Status
published
Products (2)
tftpd32/tftpd32
2.50
tftpd32/tftpd32
2.50.2
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026