CVE-2012-6664

CRITICAL

Distinct Intranet Servers <3.10 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-6664. PoCs published by Metasploit, modpr0be, sinn3r, including Metasploit module exploits/windows/tftp/distinct_tftp_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Distinct TFTP 3.10 to upload arbitrary files, achieving remote code execution as SYSTEM via WbemExec.

Description

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappswindows
https://www.exploit-db.com/exploits/41714

This Metasploit module exploits a directory traversal vulnerability in Distinct TFTP 3.10 to upload arbitrary files, achieving remote code execution as SYSTEM via WbemExec.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Distinct TFTP 3.10
No auth needed
Prerequisites: Network access to the TFTP server · TFTP server running on port 69
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by modpr0be, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/tftp/distinct_tftp_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in Distinct TFTP Server 3.10, allowing arbitrary file writes to the server's filesystem, leading to remote code execution as SYSTEM. It uploads a malicious EXE and MOF file to achieve execution via WMI.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Distinct Intranet Servers TFTP Server 3.10
No auth needed
Prerequisites: Network access to the TFTP server (port 69) · Write access to the TFTP server's base directory
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory
https://www.exploit-db.com/exploits/41714

Scores

CVSS v3 9.1
EPSS 0.7347
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-22
Status published
Published Jun 21, 2024
Tracked Since Feb 18, 2026