CVE-2021-47851

CriticalPublic PoC

Published: 21 January 2026

Published

21 January 2026

Modified

02 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0070 72.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script…

commands.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents OS command injection (CWE-78) by validating and sanitizing crafted JSON requests to the /op=command endpoint.

AC-3 Access Enforcement good match

prevent

Enforces access control policies to block unauthenticated remote access to the vulnerable HTTP command execution endpoint.

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Prohibits sensitive actions like arbitrary command execution without identification and authentication on publicly exposed endpoints.

Security SummaryAI

CVE-2021-47851 is a remote code execution vulnerability in Mini Mouse version 9.2.0, an iOS remote control application. The flaw stems from an unauthenticated HTTP endpoint at /op=command, which allows attackers to execute arbitrary commands by sending crafted JSON requests containing malicious script commands. Classified under CWE-78 (OS Command Injection), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.

Remote attackers can exploit this vulnerability without authentication by targeting the affected endpoint over the network. Successful exploitation enables full arbitrary command execution on the victim's device, including the ability to download and run payloads, potentially leading to complete system compromise with high confidentiality, integrity, and availability impacts.

Advisories and references, including those from VulnCheck and an Exploit-DB entry (49743), detail the issue and provide exploit code, while the Apple App Store page describes the application. Practitioners should consult these sources for specific mitigation guidance, such as updating to a patched version if available.

An exploit is publicly available on Exploit-DB, indicating potential for real-world abuse against unpatched Mini Mouse 9.2.0 installations.

Details

CWE(s): CWE-78

Affected Products

yodinfo

mini mouse

9.2.0

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

The vulnerability is an unauthenticated RCE via OS command injection on a public-facing HTTP endpoint, directly enabling T1190 (Exploit Public-Facing Application) and T1059.004 (Unix Shell) on the iOS target.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/49743
Exploit, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/mini-mouse-remote-code-execution
Third Party Advisory · disclosure@vulncheck.com