CVE-2019-7214

CRITICAL

SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution

Title source: metasploit

Exploitation Summary

EIP tracks 6 public exploits for CVE-2019-7214. PoCs published by 1F98D, Drew-Alleman, andyfeili, including Metasploit module exploits/windows/http/smartermail_rce.

AI-analyzed exploit summary: This exploit targets a .NET deserialization vulnerability in SmarterMail before build 6985. It sends a crafted payload to a .NET remoting endpoint to achieve remote code execution via a PowerShell reverse shell.

Description

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

Exploits (6)

exploitdb WORKING POC
by 1F98D · python · remote · windows
https://www.exploit-db.com/exploits/49216

This exploit targets a .NET deserialization vulnerability in SmarterMail before build 6985. It sends a crafted payload to a .NET remoting endpoint to achieve remote code execution via a PowerShell reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SmarterMail before build 6985
No auth needed
Prerequisites: Network access to the target's .NET remoting endpoint (port 17001) · Target must be running a vulnerable version of SmarterMail
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by Drew-Alleman · poc
https://github.com/Drew-Alleman/CVE-2019-7214

This is a Python-based exploit for CVE-2019-7214, targeting a .NET deserialization vulnerability in SmarterMail before build 6985. It sends a malicious payload to achieve remote code execution via a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SmarterMail < Build 6985
No auth needed
Prerequisites: Network access to the target SmarterMail server · Target must be running a vulnerable version of SmarterMail
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by andyfeili · poc
https://github.com/andyfeili/-CVE-2019-7214

This PoC exploits a .NET deserialization vulnerability in SmarterMail before build 6985 to achieve remote code execution. It sends a crafted payload to a .NET remoting endpoint, triggering arbitrary command execution via a PowerShell reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SmarterMail before build 6985
No auth needed
Prerequisites: Network access to the target's .NET remoting endpoint (port 17001) · Target running SmarterMail before build 6985
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by devzspy · poc
https://github.com/devzspy/CVE-2019-7214

This PoC exploits a .NET deserialization vulnerability in SmarterMail before build 6985 to achieve remote code execution. It sends a crafted payload to a .NET remoting endpoint, triggering arbitrary command execution via a PowerShell reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SmarterMail < Build 6985
No auth needed
Prerequisites: Network access to the target's .NET remoting endpoint (port 17001) · Target running SmarterMail < Build 6985
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by ElusiveHacker · poc
https://github.com/ElusiveHacker/CVE-2019-7214

This is a functional exploit for CVE-2019-7214, targeting a .NET deserialization vulnerability in SmarterMail before build 6985. It sends a serialized payload to execute a PowerShell reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SmarterMail before build 6985
No auth needed
Prerequisites: Target must be running SmarterMail before build 6985 · Network access to the target's .NET remoting endpoint · Attacker must have a listener set up for the reverse shell
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Soroush Dalili, 1F98D, Ismail E. Dawoodjee · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/smartermail_rce.rb

This Metasploit module exploits a .NET deserialization vulnerability (CVE-2019-7214) in SmarterTools SmarterMail versions <= 16.x or builds < 6985. It sends a malicious serialized payload to one of three exposed .NET remoting endpoints on port 17001, achieving unauthenticated remote code execution as SYSTEM.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SmarterTools SmarterMail <= 16.x or build < 6985
No auth needed
Prerequisites: Network access to TCP port 17001 · Vulnerable SmarterMail version/build
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.8332
EPSS Percentile: 99.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-502
Status: published
Products (1): smartertools/smartermail 16.0.6345 - 16.3.6985
Published: Apr 24, 2019
Tracked Since: Feb 18, 2026