What is the CVSS score of CVE-2021-47891?

CVE-2021-47891 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Is there a public PoC exploit available for CVE-2021-47891?

Yes, a public proof-of-concept exploit is available for CVE-2021-47891. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2021-47891?

Within 24 hours: Identify all systems running Unified Remote 3.9.0.2463 using asset inventory tools; isolate affected systems from production networks if possible; establish network monitoring for suspicious outbound connections. Within 7 days: Upgrade to Unified Remote 3.10.0 or later (patch version); implement network segmentation to restrict access to Unified Remote services; enforce strict firewall rules limiting remote access. Within 30 days: Conduct forensic analysis of affected systems for signs of compromise; reset credentials for accounts on compromised systems; perform full vulnerability reassessment across the infrastructure.

CVE-2021-47891

CRITICAL

Missing Authentication for Critical Function (CWE-306)

2026-01-23 disclosure@vulncheck.com

RCE

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 26, 2026 - 15:03 vuln.today

Public exploit code

CVE Published

Jan 23, 2026 - 17:15 nvd

CRITICAL 9.8

DescriptionCVE.org

Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.

AnalysisAI

Unified Remote 3.9.0.2463 allows unauthenticated remote code execution by sending crafted network packets to the remote control service.

Technical ContextAI

Unified Remote 3.9.0.2463 has a CWE-306 missing authentication vulnerability that allows attackers to send crafted network packets to the remote control service, executing arbitrary commands without authentication.

Affected ProductsAI

Unified Remote 3.9.0.2463

RemediationAI

Update Unified Remote. Bind the service to localhost or trusted networks only.

CVE-2021-47891 vulnerability details – vuln.today

Back

CVE-2021-47891

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code