CVE-2021-41637

Published: Jun 24, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.

Affected (1)

Products: Melag: Ftp Server

Melag

1 product

Ftp Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Melag Ftp Server	Version 2.2.0.4

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.