CVE-2010-2620

Open-FTPD < 1.2 - Unauthenticated Authentication Bypass via FTP Command Injection

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2010-2620. PoCs were published by Metasploit, Wireghoul, and Serge Gorbunov, including the Metasploit module exploits/windows/ftp/open_ftpd_wbem.

AI-analyzed exploit summary: This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in Open&Compact FTP Server 1.2 to achieve remote code execution by uploading a malicious executable and a MOF file to trigger WMI execution.

Description

Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/27556

This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in Open&Compact FTP Server 1.2 to achieve remote code execution by uploading a malicious executable and a MOF file to trigger WMI execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Open&Compact FTP Server 1.2
No auth needed
Prerequisites: Target must be running Open&Compact FTP Server 1.2 · Windows Management Instrumentation (WMI) service must be enabled · Target must be Windows pre-Vista
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Wireghoul · python · remote · windows
https://www.exploit-db.com/exploits/27401

This exploit leverages an authentication bypass and directory traversal vulnerability in Open&Compact FTP Server <= 1.2 to retrieve the SAM file for offline cracking. It connects to the FTP server without authentication and downloads the SAM file from the Windows repair directory.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Open&Compact FTP Server <= 1.2
No auth needed
Prerequisites: Network access to the target FTP server · FTP server running Open&Compact FTP Server <= 1.2
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Serge Gorbunov · python · remote · windows
https://www.exploit-db.com/exploits/13932

This exploit demonstrates an authentication bypass vulnerability in Open&Compact FTP Server <= 1.2, allowing unauthenticated command execution such as file listing and retrieval. The PoC connects to the FTP server without credentials and executes commands directly.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Open&Compact FTP Server <= 1.2
No auth needed
Prerequisites: Network access to the FTP server · At least one user with permissions for the executed commands
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Serge Gorbunov, bcoles · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/open_ftpd_wbem.rb

This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in Open&Compact FTP server 1.2 to achieve remote code execution on Windows systems before Vista. It uploads a malicious executable and a MOF file to trigger WMI execution of the payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Open&Compact FTP Server 1.2
No auth needed
Prerequisites: Target running Open&Compact FTP Server 1.2 on Windows pre-Vista · Network access to the FTP service · WMI service enabled on the target
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40284
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13932

Scores

EPSS: 0.2861
EPSS Percentile: 97.9%

Details

CWE: CWE-287
Status: published
Products (2):
open-ftpd/open-ftpd 1.0
open-ftpd/open-ftpd < 1.2
Published: Jul 02, 2010
Tracked Since: Feb 18, 2026