CVE-2008-1620

2X TFTP service <3.2.0.0 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1620. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in 2X ThinClientServer's TFTP service, allowing unauthorized access to arbitrary files outside the TFTP root directory. The PoC uses path traversal sequences to retrieve sensitive files like boot.ini and win.ini.

Description

Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · textremotewindows
https://www.exploit-db.com/exploits/31562

The exploit demonstrates a directory traversal vulnerability in 2X ThinClientServer's TFTP service, allowing unauthorized access to arbitrary files outside the TFTP root directory. The PoC uses path traversal sequences to retrieve sensitive files like boot.ini and win.ini.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: 2X ThinClientServer 5.0 sp1-r3497 with TFTPd.exe 3.2.0.0
No auth needed
Prerequisites: Network access to the TFTP service · TFTP client (e.g., tftpx)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41528
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490324/100/0/threaded
Exploit, Patch x_refsource_misc
http://aluigi.org/testz/tftpx.zip
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1040/references
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29590
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28504

Scores

EPSS 0.0303
EPSS Percentile 85.7%

Details

CWE
CWE-22
Status published
Products (2)
2x/thinclientserver < 3.2.0.0
2x/thinclientserver < 5.0
Published Apr 02, 2008
Tracked Since Feb 18, 2026