CVE-2007-1404
published 2007-03-10

Priority: P3 41
Severity: high, 7.3 (CVSS 2.0)
Vector: AV:A/AC:M/Au:N/C:C/I:N/A:C
EXPLOIT
EPSS: 66.74% (99.2th percentile)

tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.

Affected (1 range)

Vendor | Product | Version range | Fixed in
prosysinfo | tftp_server_tftpdwin | |

Detection & IOCs (extracted from sources)

filename: tftpd.exe
port: 69/UDP
command: print $socket "A" x 517;
bytes: \x00\x01\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x8b\xc3\x66\x05\x12\x01\x50\xc3
  • Trigger condition is a UDP packet to port 69 exceeding 516 bytes; any UDP datagram to TFTP port 69 with length > 516 bytes should be flagged.
  • The exploit buffer begins with the two-byte TFTP opcode \x00\x01 (Read Request), followed by NOP sleds and shellcode — detect anomalously large TFTP RRQ packets on UDP/69.
  • Post-exploitation reverse shell connects back on TCP port 4444; monitor for unexpected outbound telnet/TCP connections on port 4444 from the TFTP server process (tftpd.exe).
  • The shellcode contains the ASCII string 'netascii' (\x6e\x65\x74\x61\x73\x63\x69\x69) near the end of the buffer payload; this can serve as a byte-pattern signature in UDP/69 traffic. Because 'netascii' is also a standard TFTP transfer-mode string that appears in legitimate requests, pair it with the size threshold rather than matching on it alone.
  • The buffer overflow exploit is noted to be sensitive to buffer length, so payloads may vary across attack attempts; signature-based detection should focus on the packet-size threshold (>516 bytes on UDP/69) rather than exact byte sequences alone.
  • This vulnerability may be related to CVE-2006-4948; detections covering one may partially cover the other, but they should be treated as distinct until confirmed.
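
The size-threshold check from the notes above, written as a triage function for UDP payloads already captured on port 69. This is an added example, not code from this page or its sources; the function name, finding labels and sample datagrams are assumptions, and the samples are constructed from filler bytes only.

```python
import struct

TFTP_PORT = 69
MAX_TFTP_DATAGRAM = 516   # threshold given in the detection notes (4-byte header + 512 data)
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}
MODES = (b"netascii", b"octet", b"mail")   # RFC 1350 transfer modes, case-insensitive


def inspect_datagram(dst_port, payload):
    """Return finding labels for one UDP payload; an empty list means nothing to flag."""
    if dst_port != TFTP_PORT:
        return []
    findings = []
    # Caveat: a negotiated blksize (RFC 2348) makes larger DATA packets legitimate,
    # so tune this threshold on servers that accept that option.
    if len(payload) > MAX_TFTP_DATAGRAM:
        findings.append("oversized")
    if len(payload) < 2:
        return findings + ["truncated"]
    opcode = struct.unpack("!H", payload[:2])[0]
    if opcode not in OPCODES:
        findings.append("unknown-opcode")
    elif opcode in (1, 2):
        # A well-formed request is: filename NUL mode NUL [option NUL value NUL ...]
        fields = payload[2:].split(b"\x00")
        if not payload.endswith(b"\x00") or len(fields) < 3:
            findings.append("malformed-request")
        elif fields[1].lower() not in MODES:
            findings.append("bad-mode")
    return findings


# Constructed sample datagrams (filler bytes only, no captured traffic).
SAMPLES = [
    ("normal RRQ", 69, b"\x00\x01boot.cfg\x00netascii\x00"),
    ("517 filler bytes", 69, b"A" * 517),
    ("oversized RRQ", 69, b"\x00\x01" + b"B" * 600 + b"\x00netascii\x00"),
    ("unterminated RRQ", 69, b"\x00\x01" + b"B" * 514),
    ("other service", 53, b"A" * 517),
]

if __name__ == "__main__":
    for label, port, payload in SAMPLES:
        print(f"{label:18} len={len(payload):4} -> {inspect_datagram(port, payload)}")
```

The first sample contains 'netascii' and produces no finding, which is why the size check, not the mode string, carries the detection.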