CVE-2021-41635

HIGH

MELAG FTP Server 2.2.0.4 - Incorrect Default Permissions

Title source: llm

Description

When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/

Scores

CVSS v3 8.8

EPSS 0.0174

EPSS Percentile 74.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

melag/ftp_server 2.2.0.4

Published Jun 24, 2022

Tracked Since Feb 18, 2026