CVE-2021-47891

CRITICAL
2026-01-23 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 26, 2026 - 15:03 vuln.today
Public exploit code
CVE Published
Jan 23, 2026 - 17:15 nvd
CRITICAL 9.8

Tags

RCE

Description

Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.

Analysis

Unified Remote 3.9.0.2463 allows unauthenticated remote code execution by sending crafted network packets to the remote control service.

Technical Context

Unified Remote 3.9.0.2463 has a CWE-306 missing authentication vulnerability that allows attackers to send crafted network packets to the remote control service, executing arbitrary commands without authentication.

Affected Products

['Unified Remote 3.9.0.2463']

Remediation

Update Unified Remote. Bind the service to localhost or trusted networks only.

Priority Score

69
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +49
POC: +20

Share

CVE-2021-47891 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy