What is CVE-2010-20121?

CVE-2010-20121 is a vulnerability in Kmint21 Software Easyftp Server, classified under Stack-based Buffer Overflow. Published 2025-08-21.

Is CVE-2010-20121 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Kmint21 Software Easyftp Server

CVE-2010-20121

EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input…

Vulnerability class: Buffer Overflow

EPSS: 0.686 (98.6th percentile) — read the EPSS interpretation.

Affected products

Kmint21 Software Easyftp Server — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

rapid7/metasploit-framework

References

seclists.org/bugtraq/2010/Feb/202 (exploit, third-party-advisory)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-… (technical-description, exploit)
www.exploit-db.com/exploits/12312 (exploit)
www.exploit-db.com/exploits/16737 (exploit)
www.exploit-db.com/exploits/11668 (exploit)
www.exploit-db.com/exploits/14402 (exploit)
www.vulncheck.com/advisories/easyftp-server-cwd-command-stack-buffer-overflow (third-party-advisory)

Frequently asked questions

What is CVE-2010-20121?: CVE-2010-20121 is a vulnerability in Kmint21 Software Easyftp Server, classified under Stack-based Buffer Overflow. Published 2025-08-21.
Is CVE-2010-20121 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.