Cyber Resilience

CVE-2010-20121

CriticalPublic PoC

Published: 21 August 2025

Published
21 August 2025
Modified
10 September 2025
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.6864 98.6th percentile
Risk Priority 60 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2010-20121 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Easyftp Server Project Easyftp Server. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability (CWE-121) in the FTP command parser. The flaw arises when processing the CWD (Change Working Directory) command, as the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack.

Remote attackers can exploit this vulnerability without authentication, leveraging the server's default allowance of anonymous access, to achieve remote code execution. The high CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) underscores its critical impact, with low complexity and no privileges required.

The vulnerability was resolved in version 1.7.0.12, after which the product was renamed UplusFtp. References, including a Bugtraq mailing list post and Exploit-DB entries, detail the issue and provide proof-of-concept exploits, while a Metasploit module (easyftp_cwd_fixret) demonstrates automated exploitation.

Public exploits and a Metasploit module have been available since 2010, highlighting ongoing risk to unpatched legacy deployments of this FTP server.

EU & UK References

Vulnerability details

EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to…

more

overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack buffer overflow in unauthenticated FTP CWD handler enables unauthenticated RCE against public-facing server (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2010-20113Same product: Easyftp Server Project Easyftp Server
CVE-2025-11779Shared CWE-121
CVE-2026-25823Shared CWE-121
CVE-2025-69766Shared CWE-121
CVE-2025-60691Shared CWE-121
CVE-2019-25364Shared CWE-121
CVE-2026-39047Shared CWE-121
CVE-2025-69764Shared CWE-121
CVE-2019-25319Shared CWE-121
CVE-2025-54491Shared CWE-121

Affected Assets

easyftp server project
easyftp server
≤ 1.7.0.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely patching of the stack-based buffer overflow in EasyFTP Server's CWD parser, directly eliminating the vulnerability as fixed in version 1.7.0.12.

prevent

Mandates validation of FTP command input lengths, such as CWD strings, to block buffer overflows from malformed inputs.

prevent

Implements memory protections like stack canaries, DEP, and ASLR to prevent successful exploitation of stack-based buffer overflows leading to RCE.

References