CRITICAL🇵🇱 Wersja polska

CVE-2012-10035

CVSS 10.0v4.0pub. 2025-08-05upd. 2026-04-15

Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.

🤖 AI Analysis
How it works

The vulnerability (CWE-120) results from improper input validation when processing the PORT command of the FTP protocol. An attacker sends a specially crafted payload that causes a buffer overflow and overwrites critical memory structures of the server process. As a result, code execution can be redirected to shellcode controlled by the attacker.

Impact

An attacker gains the ability to execute arbitrary code (RCE) in the context of the SYSTEM account, which means complete takeover of the server. The confidentiality, integrity, and availability of both the system itself and resources connected to it are compromised.

Mitigation & patch

Patches available from the vendor should be applied according to the references provided. Until updates are applied, it is recommended to restrict access to the FTP server port only to trusted IP addresses using a firewall and consider disabling the service if it is not essential.

Who is affected

Turbo FTP Server in versions 1.30.823 and 1.30.826

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References