FTP access to whole disk is open by default, passwords are stored in cleartext, password submission attemps are not limited.
vulners.com/securityvulns/securityvulns:doc:3465