CVE-2019-19782
CRITICAL
Aceaxe Plus 1.0 - Buffer Overflow via Long EHLO Response
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-19782. PoCs published by Underwood12.
AI-analyzed exploit summary: The repository contains a Python script that scans for CVE-2019-19781 by checking for the presence of specific URIs and content ('lmhosts') in HTTP responses. It does not exploit the vulnerability but detects its presence.
Description
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.
Exploits (1)
nomisec
SCANNER
by Underwood12 · poc
https://github.com/Underwood12/CVE-2019-19782
The repository contains a Python script that scans for CVE-2019-19781 by checking for the presence of specific URIs and content ('lmhosts') in HTTP responses. It does not exploit the vulnerability but detects its presence.
Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Citrix Application Delivery Controller (ADC) and Gateway (versions 10.5, 11.1, 12.0, 12.1, and 13.0)
No auth needed
Prerequisites:
List of target URLs in 'url.txt'
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sketler.github.io/cve_research/AceaXeftp-RCE-Via-Buffer-Overflow/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/sketler/sketler.github.io/blob/master/_posts/2019-11-11-AceaXeftp-RCE-Via-Buffer-Overflow.markdown
Scores
CVSS v3
9.8
EPSS
0.0315
EPSS Percentile
86.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (1)
labf/aceaxe_plus
1.0
Published
Dec 13, 2019
Tracked Since
Feb 18, 2026