Description
A vulnerability classified as critical was found in EasyFTP 1.7.0.2. It affects an unknown function of the MKD Command Handler component. The manipulation leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by b33f · python, remote, windows
https://www.exploit-db.com/exploits/17354
metasploit
WORKING POC
GREAT
ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb
Scores
CVSS v3: 6.3
EPSS: 0.4620
EPSS Percentile: 97.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-120
Status: published
Products (1)
easyftp_server_project/easyftp_server 1.7.0.2
Published: Jan 16, 2024
Tracked Since: Feb 18, 2026