CVE-2010-2115

SolarWinds TFTP Server 10.4.0.10 - Denial of Service via Crafted Read Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-2115. PoCs published by Nullthreat, including Metasploit module auxiliary/dos/windows/tftp/solarwinds.

AI-analyzed exploit summary This exploit sends a malformed TFTP Read Request packet to SolarWinds TFTP Server 10.4.0.10, causing a denial of service by stopping the server from accepting new connections. The payload is minimal, consisting of an opcode, a single byte, and standard TFTP fields.

Description

SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Nullthreat · perldoswindows
https://www.exploit-db.com/exploits/12683

This exploit sends a malformed TFTP Read Request packet to SolarWinds TFTP Server 10.4.0.10, causing a denial of service by stopping the server from accepting new connections. The payload is minimal, consisting of an opcode, a single byte, and standard TFTP fields.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SolarWinds TFTP Server 10.4.0.10
No auth needed
Prerequisites: Network access to the target TFTP server (UDP port 69)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/tftp/solarwinds.rb

This Metasploit module exploits a denial-of-service vulnerability in SolarWinds TFTP Server 10.4.0.10 by sending a malformed 'netascii' read request via UDP. The crafted packet triggers a crash, shutting down the service.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SolarWinds TFTP Server 10.4.0.10
No auth needed
Prerequisites: Network access to the target TFTP server on UDP port 69
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024019
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12683
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39896
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/64845

Scores

EPSS 0.8010
EPSS Percentile 99.1%

Details

CWE
CWE-20
Status published
Products (1)
solarwinds/tftp_server 10.4.0.10
Published May 28, 2010
Tracked Since Feb 18, 2026