CVE-2021-47891
Remote Code Execution in Unified Remote 3.9.0 via Network Packets
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unified_remote | unified_remote | 3.9.0.2463 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47891 is a critical remote code execution vulnerability in Unified Remote version 3.9.0.2463. It allows an attacker to connect to the Unified Remote service on port 9512 and send specially crafted network packets without any authentication or user interaction. By exploiting this flaw, the attacker can open a command prompt on the target system and execute arbitrary commands, including downloading and running malicious payloads, leading to full remote code execution. [1, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an attacker to remotely execute arbitrary commands on the affected system without any privileges or user interaction. An attacker can open a command prompt, download malicious payloads, and execute them, potentially leading to full system compromise, data theft, installation of malware, or further network attacks. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the Unified Remote service listening on TCP port 9512. You can use network scanning tools or commands such as 'netstat -an | findstr 9512' on Windows or 'ss -tuln | grep 9512' on Linux to see if the port is open and the service is running. Additionally, monitoring for unusual or unexpected network packets sent to port 9512 could indicate exploitation attempts. Since the exploit involves sending specially crafted packets to this port, capturing and analyzing network traffic with tools like Wireshark or tcpdump filtering on port 9512 may help detect attempts. The exploit described in Resource 3 uses a Python script to send crafted packets to port 9512 to open a command prompt and execute commands remotely. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or blocking access to Unified Remote's TCP service on port 9512, especially from untrusted networks. Applying any available patches or updates from Unified Remote that address this vulnerability is critical. If patching is not immediately possible, restricting network access to port 9512 via firewall rules to trusted hosts only can reduce exposure. Additionally, monitoring for suspicious activity targeting port 9512 and considering uninstalling or disabling Unified Remote if it is not required can help mitigate risk. [1]