NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Surgeftp |
Netwin |
1.0b |
1.0b |
Surgeftp |
Netwin |
2.0a |
2.0a |
References