CVE-2024-0546

MEDIUM

EasyFTP 1.7.0 - DoS

Title source: llm

Description

A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715.

Exploits (1)

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/easyftp_list_fixret.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://vuldb.com/?id.250715

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.250715

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html

Scores

CVSS v3 5.3

EPSS 0.3656

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (1)

easyftp/easyftp 1.7.0

Published Jan 15, 2024

Tracked Since Feb 18, 2026