CVE-2021-31800

CRITICAL

Impacket < 0.9.22 - Path Traversal and Arbitrary File Write via SMB Server

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-31800. PoCs published by p0dalirius, Louzogh.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-31800, a path traversal vulnerability in Impacket's SMB server. It includes a patched version of smbclient.py that allows arbitrary file read/write operations via directory traversal sequences (e.g., '../').

Description

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

Exploits (2)

nomisec WORKING POC 10 stars
by p0dalirius · poc
https://github.com/p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write

This repository contains a functional exploit for CVE-2021-31800, a path traversal vulnerability in Impacket's SMB server. It includes a patched version of smbclient.py that allows arbitrary file read/write operations via directory traversal sequences (e.g., '../').

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Impacket (commit cb6d43a677c338db930bc4e9161620832c1ec624)
No auth needed
Prerequisites: Access to an Impacket SMB server instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 2 stars
by Louzogh · poc
https://github.com/Louzogh/CVE-2021-31800

This repository contains functional exploit code for CVE-2021-31800, which is related to Impacket, a collection of Python classes for working with network protocols. The examples include various scripts for exploiting Active Directory and SMB vulnerabilities.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Impacket (various versions)
Auth required
Prerequisites: Valid credentials for the target system · Network access to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/SecureAuthCorp/impacket/releases

Scores

CVSS v3 9.8
EPSS 0.3980
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (5)
fedoraproject/fedora 32
fedoraproject/fedora 33
fedoraproject/fedora 34
pypi/impacket 0 - 0.9.23PyPI
secureauth/impacket < 0.9.22
Published May 05, 2021
Tracked Since Feb 18, 2026