CVE-2010-20121
CRITICAL
Easyftp Server < 1.7.0.12 - Stack Buffer Overflow
Title source: rule
Description
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by fdiskyou · python · remote · windows
https://www.exploit-db.com/exploits/14402
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16737
exploitdb
WORKING POC
VERIFIED
by Paul Makowski · ruby · remote · windows
https://www.exploit-db.com/exploits/12312
exploitdb
WORKING POC
VERIFIED
by blake · ruby · remote · windows
https://www.exploit-db.com/exploits/11668
metasploit
WORKING POC
GREAT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb
References (8)
Scores
CVSS v3
9.8
EPSS
0.6864
EPSS Percentile
98.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
Status
published
Products (2)
easyftp_server_project/easyftp_server
< 1.7.0.12
KMiNT21 Software/EasyFTP Server
< 1.7.0.11
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026