CVE-2021-31887

CWE-170: IMPROPER NULL TERMINATION
FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.

Risk Information

  • CVE ID
  • CVE-2021-31887
  • Vendor
  • Siemens
  • Product
  • Nucleus
  • CVSS v3
  • 8.8