Hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Wing FTP Server, a popular file transfer platform.
The flaw, tracked as CVE-2024-29202, affects Wing FTP Server versions prior to 7.3.0 and has a CVSS score of 9.8.
The vulnerability allows unauthenticated attackers to execute arbitrary commands on targeted systems.
Researchers confirmed that attackers are already scanning for and exploiting vulnerable servers.
This Wing FTP Server vulnerability affects both Windows and Linux deployments and could allow complete system compromise.
The exploit targets a weakness in the server's web-based administration interface.
By sending a crafted HTTP request, attackers can execute code without authenticating.
Thousands of servers remain exposed
Wing FTP Server is widely used by enterprises to manage file transfers securely.
Shodan results show that thousands of servers remain exposed to the internet, with many still running vulnerable versions.
After successful exploitation, attackers can install backdoors, steal sensitive data, or use the compromised servers in larger attacks.
Security firms recommend immediate patching and removal of public access to the admin panel.
Patch available, but adoption lags
A patch for CVE-2024-29202 is available in Wing FTP Server version 7.3.0, released in early July.
However, many administrators have not yet applied the fix.
Experts warn that delays in patching will leave systems at continued risk.
The Wing FTP Server vulnerability is especially dangerous due to its low attack complexity.
It doesn’t require credentials, and public exploit code is already circulating.
What admins should do
Security teams should upgrade to the latest Wing FTP Server version immediately.
Admins should also check for signs of compromise and restrict access to the admin interface.
Firewall rules can help prevent unauthenticated internet access to critical components.
The Wing FTP Server vulnerability highlights the growing urgency to patch internet-facing tools quickly.
Delays can expose organizations to real-world attacks in a matter of hours.
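
One way to prioritise the steps above across several servers, as an added example that is not from the article or the vendor: it flags hosts running a version earlier than the fixed 7.3.0 release and checks whether the admin interface accepts connections from outside internal ranges. The inventory format, host names, field names and the choice of internal ranges are assumptions constructed for illustration.

```python
import ipaddress
import re

FIXED = (7, 3, 0)  # first fixed release, per the article
# Source ranges treated as internal (assumption: RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_version(text):
    """Pull (major, minor, patch) out of a version string or banner."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def admin_open_to_internet(allowed_sources):
    """True when the admin allow-list admits addresses outside INTERNAL.
    An empty allow-list is read as 'no restriction'; IPv6 counts as external."""
    if not allowed_sources:
        return True
    for cidr in allowed_sources:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
            return True
    return False

def triage(host):
    """Rank one inventory record by the article's remediation steps."""
    version = parse_version(host["version"])
    if version is None:
        return "unknown"          # cannot tell: verify by hand
    vulnerable = version < FIXED
    exposed = admin_open_to_internet(host["admin_allowed_sources"])
    if vulnerable and exposed:
        return "critical"         # upgrade, restrict admin, check for compromise
    if vulnerable:
        return "high"             # upgrade
    return "medium" if exposed else "ok"

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "ftp1.example", "version": "Wing FTP Server 7.2.8", "admin_allowed_sources": ["0.0.0.0/0"]},
    {"host": "ftp2.example", "version": "6.6.4", "admin_allowed_sources": ["10.20.0.0/16"]},
    {"host": "ftp3.example", "version": "v7.3", "admin_allowed_sources": []},
    {"host": "ftp4.example", "version": "7.3.0", "admin_allowed_sources": ["192.168.5.0/24"]},
    {"host": "ftp5.example", "version": "unrecorded", "admin_allowed_sources": ["10.0.0.0/8"]},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(f'{h["host"]:<14} {h["version"]:<24} {triage(h)}')
```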

