CVE-2021-47851
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-02-02
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yodinfo | mini_mouse | 9.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47851 is a critical remote code execution vulnerability in Mini Mouse version 9.2.0. It allows unauthenticated attackers to send specially crafted JSON requests to the /op=command HTTP endpoint, which then executes arbitrary commands on the affected system. Attackers can use this flaw to download and run malicious payloads remotely, gaining control over the target machine without any authentication. [1, 2]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized remote control of your system, leading to potential data theft, system compromise, disruption of services, and loss of confidentiality, integrity, and availability. Since it requires no authentication, attackers can easily exploit it to execute arbitrary commands, install malware, or use the compromised system as a foothold for further attacks. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring network traffic for HTTP POST requests to the /op=command endpoint on port 8039 of Mini Mouse 9.2.0. Specifically, look for JSON payloads containing commands that attempt to download or execute files, such as those using certutil.exe to fetch payloads. A sample detection command using curl to test the endpoint could be:

```
curl -X POST http://<target_ip>:8039/op=command -H "Content-Type: application/json" -d '{"command":"whoami"}'
```

If the endpoint responds or executes the command, the system is vulnerable. Additionally, network IDS/IPS rules can be created to flag POST requests with JSON commands targeting /op=command. Monitoring Windows event logs for unexpected certutil.exe usage or execution of files in C:\Windows\Temp may also help detect exploitation attempts. [1]
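One way to apply the detection guidance above to proxy or IDS request logs, as an added example that is not part of the original page or any vendor tooling. The JSON-lines record layout (`ts`, `src`, `dst_port`, `method`, `path`, `body`) and the sample records are constructed assumptions; the endpoint, port and indicators are the ones named in the answer.

```python
import json
from urllib.parse import unquote

ENDPOINT, PORT = "/op=command", 8039   # endpoint and port named in the answer above
# Indicators named above: certutil.exe use and files under C:\Windows\Temp.
INDICATORS = ("certutil", "\\windows\\temp")

def body_text(body):
    """Lower-cased strings from a JSON body; falls back to the raw text."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):      # missing or malformed body
        return (body or "").lower()
    found, stack = [], [doc]
    while stack:
        item = stack.pop()
        if isinstance(item, dict):
            stack.extend(item.values())
        elif isinstance(item, list):
            stack.extend(item)
        elif isinstance(item, str):
            found.append(item.lower())
    return " ".join(found)

def classify(rec):
    """None, 'review' (any POST to the endpoint) or 'high' (indicator in body)."""
    path = unquote(rec.get("path", "")).lower()   # decode %3D etc. before matching
    is_post = rec.get("method", "").upper() == "POST"
    if not is_post or not path.startswith(ENDPOINT) or rec.get("dst_port") != PORT:
        return None
    text = body_text(rec.get("body"))
    return "high" if any(i in text for i in INDICATORS) else "review"

def scan(lines):
    """Return (ts, src, severity) for each flagged JSON-lines record."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        severity = classify(rec)
        if severity:
            hits.append((rec["ts"], rec["src"], severity))
    return hits

# Constructed sample records (not captured traffic); field names are assumptions.
SAMPLE = [json.dumps(dict(zip(("ts", "src", "dst_port", "method", "path", "body"), r))) for r in (
    ("2026-02-02T10:00:01Z", "10.0.0.5", 8039, "POST", "/op=command", '{"command": "whoami"}'),
    ("2026-02-02T10:00:02Z", "10.0.0.9", 8039, "POST", "/op%3Dcommand", '{"command": "certutil.exe <arguments elided>"}'),
    ("2026-02-02T10:00:03Z", "10.0.0.9", 8039, "POST", "/op=command", '{"command": "C:\\Windows\\Temp\\sample.bin"}'),
    ("2026-02-02T10:00:04Z", "10.0.0.7", 8039, "GET", "/", ""),
)]
```

The third sample body is deliberately malformed JSON (unescaped backslashes), so it exercises the raw-text fallback; `scan(SAMPLE)` flags the first three records and ignores the GET.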
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Mini Mouse HTTP interface on port 8039, especially the /op=command endpoint, by implementing network-level controls such as firewalls or access control lists to limit exposure to trusted hosts only. Disable or block the vulnerable Mini Mouse service if possible until a patch or update is available. Monitor and block suspicious HTTP POST requests containing JSON commands targeting the /op=command endpoint. Additionally, monitor for and restrict the use of certutil.exe and execution of files in temporary directories to prevent payload downloads and execution. Applying vendor patches or updates addressing this vulnerability as soon as they become available is critical. [1, 2]