Serv-U FTP versions 3.x, 4.x and 5.x ship with a default administrative account. A local attacker could establish a connection using the administrative authentication credentials and gain elevated privileges on the server.
CVE Link
Exploit Platform
Exploit Type
Product Name