CVE-2008-1610

TallSoft Quick TFTP Server Pro 2.1 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-1610. PoCs published by npn, Metasploit, muts, including Metasploit module exploits/windows/tftp/quick_tftp_pro_mode.

AI-analyzed exploit summary This exploit sends a malformed TFTP read request packet with an oversized filename field to trigger a denial-of-service condition in Quick TFTP Server 2.2. The payload consists of a TFTP opcode followed by a long string of 'A' characters to cause a buffer overflow.

Description

Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.

Exploits (4)

exploitdb WORKING POC VERIFIED
by npn · pythondoswindows
https://www.exploit-db.com/exploits/26010

This exploit sends a malformed TFTP read request packet with an oversized filename field to trigger a denial-of-service condition in Quick TFTP Server 2.2. The payload consists of a TFTP opcode followed by a long string of 'A' characters to cause a buffer overflow.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Quick TFTP Server 2.2
No auth needed
Prerequisites: Network access to the target TFTP server · UDP port 69 accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16348

This exploit targets a stack buffer overflow in Quick TFTP Pro 2.1 via a malformed UDP packet. It leverages SEH overwrite techniques to achieve remote code execution on vulnerable Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Quick FTP Pro 2.1
No auth needed
Prerequisites: Network access to UDP port 69 · Vulnerable Quick TFTP Pro 2.1 installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by muts · pythonremotewindows
https://www.exploit-db.com/exploits/5315

This exploit targets a SEH overflow vulnerability in Quick TFTP Pro 2.1 via a maliciously crafted UDP packet. It includes shellcode for a bind shell on port 4444, demonstrating remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Quick TFTP Pro 2.1
No auth needed
Prerequisites: Network access to the target · Target running Quick TFTP Pro 2.1 on Windows XP SP2
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb

This Metasploit module exploits a stack buffer overflow in Quick TFTP Pro 2.1 via a maliciously crafted UDP packet. It leverages SEH overwrites to achieve remote code execution on vulnerable Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Quick FTP Pro 2.1
No auth needed
Prerequisites: Network access to UDP port 69 on the target · Vulnerable version of Quick FTP Pro running
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41499
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29494
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5315
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28459

Scores

EPSS 0.5391
EPSS Percentile 98.9%

Details

CWE
CWE-119
Status published
Products (1)
tallsoft_quick/tftp_server_pro 2.1
Published Apr 01, 2008
Tracked Since Feb 18, 2026