CVE-2021-47791

HIGH

SmartFTP Client 10.0.2909.0 - Denial of Service via Malformed Paths or Invalid IP Addresses

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47791. PoCs published by Eric Salario.

AI-analyzed exploit summary This exploit demonstrates a Denial of Service (DoS) vulnerability in SmartFTP Client 10.0.2909.0 by triggering crashes through crafted input in the 'Path' field during FTPS connection attempts. The PoC provides clear steps to reproduce the crash, including buffer overflow and input validation issues.

Description

SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface.

Exploits (1)

exploitdb WORKING POC
by Eric Salario · pythondoswindows
https://www.exploit-db.com/exploits/50266

This exploit demonstrates a Denial of Service (DoS) vulnerability in SmartFTP Client 10.0.2909.0 by triggering crashes through crafted input in the 'Path' field during FTPS connection attempts. The PoC provides clear steps to reproduce the crash, including buffer overflow and input validation issues.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SmartFTP Client 10.0.2909.0 (32 and 64 bit)
No auth needed
Prerequisites: SmartFTP Client installed · Ability to initiate an FTPS connection
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.5
EPSS 0.0047
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (1)
smartftp/smartftp 10.0.2909.0
Published Jan 16, 2026
Tracked Since Feb 18, 2026