CVE-2021-47891
Unknown Unknown - Not Provided
Remote Code Execution in Unified Remote 3.9.0 via Network Packets

Publication date: 2026-01-23

Last updated on: 2026-01-23

Assigner: VulnCheck

Description
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-23
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47891
EUVD
EUVD-2026-4286
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
unified_remote unified_remote 3.9.0.2463
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47891 is a critical remote code execution vulnerability in Unified Remote version 3.9.0.2463. It allows an attacker to connect to the Unified Remote service on port 9512 and send specially crafted network packets without any authentication or user interaction. By exploiting this flaw, the attacker can open a command prompt on the target system and execute arbitrary commands, including downloading and running malicious payloads, leading to full remote code execution. [1, 3]

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to remotely execute arbitrary commands on the affected system without any privileges or user interaction. An attacker can open a command prompt, download malicious payloads, and execute them, potentially leading to full system compromise, data theft, installation of malware, or further network attacks. [1, 3]

Detection Guidance

This vulnerability can be detected by checking for the presence of the Unified Remote service listening on TCP port 9512. You can use network scanning tools or commands such as 'netstat -an | findstr 9512' on Windows or 'ss -tuln | grep 9512' on Linux to see if the port is open and the service is running. Additionally, monitoring for unusual or unexpected network packets sent to port 9512 could indicate exploitation attempts. Since the exploit involves sending specially crafted packets to this port, capturing and analyzing network traffic with tools like Wireshark or tcpdump filtering on port 9512 may help detect attempts. The exploit described in Resource 3 uses a Python script to send crafted packets to port 9512 to open a command prompt and execute commands remotely. [1, 3]

Mitigation Strategies

Immediate mitigation steps include disabling or blocking access to Unified Remote's TCP service on port 9512, especially from untrusted networks. Applying any available patches or updates from Unified Remote that address this vulnerability is critical. If patching is not immediately possible, restricting network access to port 9512 via firewall rules to trusted hosts only can reduce exposure. Additionally, monitoring for suspicious activity targeting port 9512 and considering uninstalling or disabling Unified Remote if it is not required can help mitigate risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47891. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart