CNNVD-202508-2565 Information

Aug 21, 2025 cve

CNNVD ID

CNNVD-202508-2565

CVE-2010-20121

CNNVD Published: 2025-08-21

Description (Chinese)

EasyFTP是一个易于使用的FTP服务。 EasyFTP 1.7.0.11及之前版本存在安全漏洞，该漏洞源于处理CWD命令时未验证输入长度，可能导致栈缓冲区溢出和执行任意代码。

Description (English)

EASYFTP is an easy-to-use FTP service. EasyFTP 1.7.0.11 and previous versions contain a security loophole, which stems from the failure to verify the length of the input when processing the CWD order, which may result in the spilling out of the fence and the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Published

2025-08-21

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow https://www.exploit-db.com/exploits/16737 https://www.exploit-db.com/exploits/14402 https://www.exploit-db.com/exploits/12312 https://www.exploit-db.com/exploits/11668 https://seclists.org/bugtraq/2010/Feb/202 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb https://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/ https://nvd.nist.gov/vuln/detail/CVE-2010-20121

Share on: