CVE-2020-14057

CRITICAL

Monstaftp Monsta FTP < 2.10.1 - Remote Code Execution

Title source: rule

Description

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.

References (2)

[Release Notes, Vendor Advisory] https://www.monstaftp.com/notes/

[Third Party Advisory] https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-01_Monsta_FTP_Arbitrary_File_Read_and_Write

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0307

EPSS Percentile 86.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-610

Status published

Products (1)

monstaftp/monsta_ftp < 2.10.1

Published Jul 01, 2020

Tracked Since Feb 18, 2026