CVE-2008-5626
published 2008-12-17


Priority: P4 (25)
Severity: medium
CVSS 2.0: 4 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploit: available
EPSS: 35.86% (98.3rd percentile)
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.

Affected (2 ranges)

Vendor    Product                        Version range    Fixed in
dxmsoft   xm_easy_personal_ftp_server    (not listed)     (not listed)
dxmsoft   xm_easy_personal_ftp_server    (not listed)     (not listed)

Detection & IOCs (extracted from sources)

command: NLST -1
command: NLST
version: XM Easy Personal FTP Server 5.6.0
version: XM Easy Personal FTP Server 5.7.0
  • Detect DoS attempt by monitoring for an authenticated FTP NLST command sent with a '-1' argument against XM Easy Personal FTP Server on port 21.
  • Even anonymous FTP accounts can trigger the vulnerability if they have permission to call NLST; alert on NLST commands from anonymous sessions as well as authenticated ones.
  • Monitor for FTP sessions that issue USER/PASS followed immediately by a bare or argument-bearing NLST command with no directory path, particularly with negative numeric arguments such as -1.
  • The Metasploit auxiliary modules targeting this CVE are located at modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb and xmeasy570_nlst.rb; use these paths to identify exploitation attempts via Metasploit.
  • Exploitation requires an authenticated FTP session; however, anonymous login is sufficient if the anonymous account has NLST permission enabled. Review and restrict anonymous FTP permissions on XM Easy Personal FTP Server.
  • Both versions 5.6.0 and 5.7.0 of XM Easy Personal FTP Server are confirmed vulnerable; detections and mitigations should cover both version branches.
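The detection notes above describe two signals: an NLST command carrying a negative numeric argument such as -1, and a USER/PASS exchange followed immediately by an NLST with no directory path, from anonymous as well as authenticated sessions. The following Python script is an added example (not code from the original page or from any vendor or Metasploit module) that runs that logic over a constructed FTP command log. The log layout (`<timestamp> <session-id> <client-ip>> <COMMAND> [argument]`) and the session identifiers are assumptions made for the example; adapt the regex to whatever your FTP server or sensor actually emits.

```python
"""Flag NLST usage matching the CVE-2008-5626 detection notes in an FTP command log.

Added example for illustration; the log format below is an assumption, not a real
XM Easy Personal FTP Server log layout.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log lines (not real traffic). Three sessions:
#   s1: normal authenticated listing of a directory path
#   s2: anonymous login followed immediately by "NLST -1"
#   s3: authenticated login followed immediately by a bare NLST
SAMPLE_LOG = """\
2008-12-17T10:00:01 s1 192.0.2.10> USER alice
2008-12-17T10:00:02 s1 192.0.2.10> PASS ********
2008-12-17T10:00:03 s1 192.0.2.10> CWD /pub
2008-12-17T10:00:04 s1 192.0.2.10> NLST /pub
2008-12-17T10:01:10 s2 198.51.100.7> USER anonymous
2008-12-17T10:01:11 s2 198.51.100.7> PASS guest@
2008-12-17T10:01:12 s2 198.51.100.7> NLST -1
2008-12-17T10:02:00 s3 203.0.113.5> USER bob
2008-12-17T10:02:01 s3 203.0.113.5> PASS ********
2008-12-17T10:02:02 s3 203.0.113.5> NLST
"""

# Assumed line layout: "<timestamp> <session-id> <client-ip>> <COMMAND> [argument]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sid>\S+)\s+(?P<ip>\S+)>\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$"
)
NEGATIVE_NUMERIC = re.compile(r"^-\d+$")  # "-1", "-42", ... but not "-rl" style flags


@dataclass
class SessionState:
    user: Optional[str] = None
    authenticated: bool = False
    cmds_since_auth: int = 0  # commands issued after PASS; 1 means "right after login"


@dataclass
class Alert:
    ts: str
    session: str
    ip: str
    user: str
    command: str
    severity: str
    reason: str


def looks_like_path(arg: str) -> bool:
    """Treat anything containing a path separator as a directory path argument."""
    return "/" in arg or "\\" in arg


def analyze(log_text: str) -> List[Alert]:
    """Replay the command log per session and return alerts for suspicious NLST usage."""
    sessions: Dict[str, SessionState] = {}
    alerts: List[Alert] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        sess = sessions.setdefault(m["sid"], SessionState())
        cmd = m["cmd"].upper()
        arg = (m["arg"] or "").strip()
        if cmd == "USER":
            sess.user, sess.authenticated, sess.cmds_since_auth = arg, False, 0
            continue
        if cmd == "PASS":
            sess.authenticated, sess.cmds_since_auth = True, 0
            continue
        if sess.authenticated:
            sess.cmds_since_auth += 1
        if cmd != "NLST":
            continue
        user = sess.user or "<unknown>"
        kind = "anonymous" if user.lower() == "anonymous" else "authenticated"
        full = f"NLST {arg}".strip()
        if NEGATIVE_NUMERIC.match(arg):
            # High confidence: the negative numeric argument from the advisory itself.
            alerts.append(Alert(m["ts"], m["sid"], m["ip"], user, full, "high",
                                f"NLST with negative numeric argument {arg!r} from {kind} session"))
        elif sess.cmds_since_auth == 1 and not looks_like_path(arg):
            # Lower confidence: NLST with no directory path straight after USER/PASS.
            alerts.append(Alert(m["ts"], m["sid"], m["ip"], user, full, "low",
                                f"NLST with no directory path immediately after login ({kind})"))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"[{a.severity}] {a.ts} session={a.session} ip={a.ip} user={a.user} cmd={a.command!r}: {a.reason}")
```

Session s1 produces no alert because its NLST names a directory and follows a CWD rather than the PASS; s2 raises a high alert on the anonymous "NLST -1"; s3 raises only a low alert, since a bare NLST right after login is common client behaviour and is worth reviewing rather than blocking.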