CVE-2010-20121
EasyFTP Server <= 1.7.0.11 CWD Command Stack Buffer Overflow
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
| CWE | CWE-121 |
| Vendor | kmint21 software |
| Product | easyftp server |
| Published | Aug 21, 2025 |
| Last Updated | Apr 7, 2026 |
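An added example, not EasyFTP's code and not taken from this page: a C sketch of the length check that the description above says the CWD handler lacks, applied before the argument is copied into a fixed-size buffer. The function name `handle_cwd`, the 255-byte limit and the sample requests are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CWD_ARG_MAX 255  /* assumed limit; the page does not give EasyFTP's buffer size */
enum { FTP_OK = 250, FTP_SYNTAX = 501 };  /* FTP reply codes returned below */

/*
 * Handle one "CWD <path>" request line. dst must hold dst_len bytes.
 * Returns 250 when the argument was copied, 501 when it was rejected.
 * The flawed pattern is an unconditional copy of the argument into a
 * fixed-size stack buffer; here the length is measured and checked
 * before a single byte is written.
 */
int handle_cwd(const char *line, char *dst, size_t dst_len)
{
    static const char verb[] = "CWD ";

    if (line == NULL || dst == NULL || dst_len == 0)
        return FTP_SYNTAX;
    dst[0] = '\0';
    for (size_t i = 0; i < 4; i++)            /* FTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i])
            return FTP_SYNTAX;                /* also stops at a short line's NUL */

    const char *arg = line + 4;
    size_t n = strcspn(arg, "\r\n");          /* argument ends at CR, LF or NUL */
    if (n == 0 || n > CWD_ARG_MAX || n >= dst_len)
        return FTP_SYNTAX;                    /* reject; never truncate silently */

    memcpy(dst, arg, n);
    dst[n] = '\0';
    return FTP_OK;
}

int main(void)
{
    char path[CWD_ARG_MAX + 1];
    char longline[4 + 600 + 3];               /* constructed oversized request */

    memcpy(longline, "CWD ", 4);
    memset(longline + 4, 'A', 600);
    memcpy(longline + 604, "\r\n", 3);        /* CR, LF and terminating NUL */
    printf("%d\n", handle_cwd("CWD /pub/incoming\r\n", path, sizeof path));
    printf("%d\n", handle_cwd(longline, path, sizeof path));
    return 0;
}
```

Rejecting with 501 rather than truncating keeps an overlong path from being silently mapped to a different directory.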
Affected Versions
KMiNT21 Software / EasyFTP Server
* ≤ 1.7.0.11
References
* seclists.org: https://seclists.org/bugtraq/2010/Feb/202
* raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb
* paulmakowski.wordpress.com: https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/
* exploit-db.com: https://www.exploit-db.com/exploits/12312
* exploit-db.com: https://www.exploit-db.com/exploits/16737
* exploit-db.com: https://www.exploit-db.com/exploits/11668
* exploit-db.com: https://www.exploit-db.com/exploits/14402
* vulncheck.com: https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow
Credits
Paul Makowski