CVE-2010-20121
CRITICAL
EasyFTP Server < 1.7.0.12 - Stack Buffer Overflow
Title source: rule
Description
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by blake · ruby · remote · windows
https://www.exploit-db.com/exploits/11668
exploitdb
WORKING POC
VERIFIED
by fdiskyou · python · remote · windows
https://www.exploit-db.com/exploits/14402
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16737
exploitdb
WORKING POC
VERIFIED
by Paul Makowski · ruby · remote · windows
https://www.exploit-db.com/exploits/12312
metasploit
WORKING POC
GREAT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb
References (8)
Scores
CVSS v3
9.8
EPSS
0.6864
EPSS Percentile
98.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-121
Status
published
Affected Products (1)
easyftp_server_project/easyftp_server
< 1.7.0.12
Timeline
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026