What is CVE-2010-20122?

CVE-2010-20122 is a vulnerability in Netsarang Computer, Inc. Xftp Ftp Client, classified under Stack-based Buffer Overflow. Published 2025-08-21.

Is CVE-2010-20122 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Netsarang Computer, Inc. Xftp Ftp Client

CVE-2010-20122

Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overl…

Vulnerability class: Buffer Overflow

EPSS: 0.586 (98.2th percentile) — read the EPSS interpretation.

Affected products

Netsarang Computer, Inc. Xftp Ftp Client — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/12332 (exploit)
www.exploit-db.com/exploits/16739 (exploit)
web.archive.org/web/20090312072219/http://www.netsarang.com/download/down_xft3… (product)
www.vulncheck.com/advisories/xftp-ftp-client-pwd-response-buffer-overflow (third-party-advisory)

Frequently asked questions

What is CVE-2010-20122?: CVE-2010-20122 is a vulnerability in Netsarang Computer, Inc. Xftp Ftp Client, classified under Stack-based Buffer Overflow. Published 2025-08-21.
Is CVE-2010-20122 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.