MiCode FileExplorer SwiFTP Server Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in the MiCode FileExplorer application, specifically within the embedded SwiFTP FTP server component. It allows network attackers to log in without valid credentials. Exploitation involves sending arbitrary username and password combinations to the PASS command handler, which grants access regardless of the credentials supplied. Once authenticated, attackers can list, read, write, and delete files exposed by the FTP server. The MiCode FileExplorer project is no longer supported.
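As an added illustration (not code from MiCode FileExplorer or SwiFTP), the following Python model shows the checks whose absence produces this class of bug: PASS must follow USER, both values are compared against the configured account, and file commands are refused until login succeeds. The class name, credential values, lockout threshold and reply texts are assumptions made for the example.

```python
import hashlib
import hmac


class FtpControlSession:
    """Constructed model of an FTP control-channel login state machine."""

    GATED = {"LIST", "RETR", "STOR", "DELE"}  # list, read, write, delete
    MAX_FAILURES = 3  # assumed lockout threshold

    def __init__(self, username, password):
        # Keep digests so comparisons run over fixed-length values.
        self._user = hashlib.sha256(username.encode()).digest()
        self._pass = hashlib.sha256(password.encode()).digest()
        self._pending_user = None
        self.authenticated = False
        self.failures = 0
        self.closed = False

    def handle(self, line):
        """Process one control-channel line and return the reply string."""
        if self.closed:
            return "421 Service not available"
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.authenticated = False  # a new USER always resets the login
            self._pending_user = arg
            return "331 Password required"
        if verb == "PASS":
            return self._on_pass(arg)
        if verb in self.GATED:
            if not self.authenticated:
                return "530 Not logged in"
            return "200 Authorized (file handling omitted in this model)"
        return "502 Command not implemented"

    def _on_pass(self, password):
        if self._pending_user is None:
            return "503 Login with USER first"
        user, self._pending_user = self._pending_user, None
        # Evaluate both comparisons before deciding; compare_digest is constant-time.
        user_ok = hmac.compare_digest(hashlib.sha256(user.encode()).digest(), self._user)
        pass_ok = hmac.compare_digest(hashlib.sha256(password.encode()).digest(), self._pass)
        if user_ok and pass_ok:
            self.authenticated = True
            return "230 Login successful"
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.closed = True
            return "421 Too many failed logins"
        return "530 Login incorrect"
```

A handler that returns the 230 reply without reaching the two comparisons reproduces the behaviour described above, so a regression test should assert that wrong credentials yield 530 and that gated commands stay refused afterwards.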
Impact
Exploitation of this vulnerability allows for unauthorized access to the FTP server, enabling attackers to manipulate files by listing, reading, writing, or deleting them.
