Vulnerability CVE-2021-41635
Published: 2022-06-24
Description:
When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers who abuse misconfigurations or vulnerabilities to gain administrative access over the entire host system.
Type:
CWE-276 (Incorrect Default Permissions)
CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)
| CVSS Base Score | Impact Subscore | Exploitability Subscore |
|---|---|---|
| 9/10 | 10/10 | 8/10 |

| Exploit range | Attack complexity | Authentication |
|---|---|---|
| Remote | Low | Single time |

| Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|
| Complete | Complete | Complete |
References:
https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/
Copyright 2026, cxsecurity.com