CVE-2021-47851
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-21

Last updated on: 2026-02-02

Assigner: VulnCheck

Description
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47851
EUVD
EUVD-2026-3609
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yodinfo mini_mouse 9.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47851 is a critical remote code execution vulnerability in Mini Mouse version 9.2.0. It allows unauthenticated attackers to send specially crafted JSON requests to the /op=command HTTP endpoint, which then executes arbitrary commands on the affected system. Attackers can use this flaw to download and run malicious payloads remotely, gaining control over the target machine without any authentication. [1, 2]

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote control of your system, leading to potential data theft, system compromise, disruption of services, and loss of confidentiality, integrity, and availability. Since it requires no authentication, attackers can easily exploit it to execute arbitrary commands, install malware, or use the compromised system as a foothold for further attacks. [1, 2]

Detection Guidance

You can detect this vulnerability by monitoring network traffic for HTTP POST requests to the /op=command endpoint on port 8039 of Mini Mouse 9.2.0. Specifically, look for JSON payloads containing commands that attempt to download or execute files, such as those using certutil.exe to fetch payloads. A sample detection command using curl to test the endpoint could be: curl -X POST http://<target_ip>:8039/op=command -H "Content-Type: application/json" -d '{"command":"whoami"}' If the endpoint responds or executes the command, the system is vulnerable. Additionally, network IDS/IPS rules can be created to flag POST requests with JSON commands targeting /op=command. Monitoring Windows event logs for unexpected certutil.exe usage or execution of files in C:\Windows\Temp may also help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the Mini Mouse HTTP interface on port 8039, especially the /op=command endpoint, by implementing network-level controls such as firewalls or access control lists to limit exposure to trusted hosts only. Disable or block the vulnerable Mini Mouse service if possible until a patch or update is available. Monitor and block suspicious HTTP POST requests containing JSON commands targeting the /op=command endpoint. Additionally, monitor for and restrict the use of certutil.exe and execution of files in temporary directories to prevent payload downloads and execution. Applying vendor patches or updates addressing this vulnerability as soon as they become available is critical. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47851. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart