CVE-2021-31888

CWE-170: IMPROPER NULL TERMINATION
FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.

Risk Information

  • CVE ID
  • CVE-2021-31888
  • Vendor
  • Siemens
  • Product
  • Nucleus
  • CVSS v3
  • 8.8