Description

EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”

INFO

Published Date : 2025-08-21T20:10:20.597Z

Last Modified : 2025-08-22T15:33:41.726Z

Source : VulnCheck

AFFECTED PRODUCTS

The following products are affected by the CVE-2010-20121 vulnerability.

Vendor: Kmint21 Software
Product: Easyftp Server
