Description
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary.
References (3)
Core References
Exploit, Third Party Advisory
https://github.com/an0ry/advisories
Scores
CVSS v3: 7.8
EPSS: 0.0013
EPSS Percentile: 32.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-732
Status: published
Products (1)
open_tftp_server_project/open_tftp_server: 1.66 (2 CPE variants)
Published: Oct 28, 2020
Tracked Since: Feb 18, 2026