SmarterMail 6919 Exploit

Build 9511 was released on . The release notes explicitly mention the presence of critical security fixes.

Attackers scan for SmarterMail servers with port 17001 open.

These endpoints listen openly on . The core vulnerability exists because the software accepts raw serialized data over this port from unauthenticated sources without strict type validation or cryptographic signing.

The criticality of this vulnerability is immense. Successful exploitation allowed any unauthenticated user from anywhere on the internet to execute commands on the server with the highest level of privilege—the account. This effectively gave the attacker full, undetectable control over the entire server, including the ability to install malware, exfiltrate all emails and user data, and use the server as a launching point to attack the rest of the internal network. The vulnerability was officially patched by SmarterTools in build 6985, which restricted the 17001 port to localhost access only. However, an attacker who already had a low-privileged foothold on a patched server could still potentially use the localhost-only port for local privilege escalation.
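
To confirm a server is in the patched state described above (port 17001 bound to localhost only), the following added example, which is not from SmarterTools or the original page, parses `netstat -an` output and reports any port 17001 listener on a non-loopback address. It assumes English-locale Windows `netstat` output; the sample text and the function names are constructed for illustration.

```python
import ipaddress

PORT = 17001  # port named on this page

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:17001          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:17001        0.0.0.0:0              LISTENING
  TCP    10.0.0.5:17001         203.0.113.9:50122      ESTABLISHED
  TCP    [::]:17001             [::]:0                 LISTENING
  TCP    [::1]:17001            [::]:0                 LISTENING
  UDP    0.0.0.0:17001          *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return ipaddress.ip_address(host), int(port)


def exposed_listeners(netstat_text, port=PORT):
    """Return local endpoints listening on `port` that are not loopback-only."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state are listeners; skip headers and UDP.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, local_port = split_endpoint(fields[1])
        except ValueError:
            continue  # unparseable row; ignore rather than guess
        if local_port == port and not addr.is_loopback:
            exposed.append(fields[1])
    return exposed


if __name__ == "__main__":
    findings = exposed_listeners(SAMPLE_NETSTAT)
    for endpoint in findings:
        print(f"port {PORT} listener reachable off-host: {endpoint}")
    print("OK: loopback only" if not findings else f"{len(findings)} exposed listener(s)")
```

An empty result matches the localhost-only binding the patch introduced; it does not address the local privilege escalation case the paragraph above mentions.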