Login Sign Up

CVE-2021-47771

5.5 MEDIUM
Denial of Service

📋 TL;DR

CVE-2021-47771 is a denial of service vulnerability in RDP Manager 4.9.9.3 where local attackers can crash the application by entering oversized text in connection name and server fields. This affects users of RDP Manager 4.9.9.3 on Windows systems, potentially requiring full reinstallation after exploitation.

💻 Affected Systems

Products:
  • RDP Manager
Versions: 4.9.9.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of RDP Manager 4.9.9.3 are vulnerable by default. The vulnerability requires local access to the application's connection configuration interface.

📦 What is this software?

Rdp Manager by Cinspiration

View all CVEs affecting Rdp Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent application crash requiring complete reinstallation, disrupting RDP management operations and causing data loss of unsaved connection configurations.

🟠

Likely Case

Application freeze and crash requiring restart, temporarily disrupting RDP management capabilities.

🟢

If Mitigated

Minimal impact with proper input validation and user privilege restrictions in place.

🌐 Internet-Facing: LOW - This is a local attack requiring access to the application interface.
🏢 Internal Only: MEDIUM - Local users with access to RDP Manager could intentionally or accidentally trigger the crash.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the application interface. Proof-of-concept code is publicly available on Exploit-DB and other sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or use workarounds.

🔧 Temporary Workarounds

Restrict User Input

windows

Implement input validation to limit field lengths in connection configuration

Not applicable - requires code modification

Application Sandboxing

windows

Run RDP Manager with restricted privileges to limit impact

RunAs /user:StandardUser "C:\Path\To\RDPManager.exe"

🧯 If You Can't Patch

  • Restrict access to RDP Manager to trusted users only
  • Implement application monitoring to detect crash events and alert administrators

🔍 How to Verify

Check if Vulnerable:

Check RDP Manager version in Help > About. If version is 4.9.9.3, the system is vulnerable.

Check Version:

Check application version through Help > About menu or examine executable properties

Verify Fix Applied:

Test by attempting to enter oversized text (over 1000 characters) in Verbindungsname or Server fields. If application doesn't crash, fix is working.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Windows Event Logs showing RDP Manager process termination

Network Indicators:

  • None - this is a local attack

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName="RDPManager.exe"

📊 Metadata

CVE ID: CVE-2021-47771
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-770
EPSS Score: 0.01% exploit probability (0.2th percentile)
Published: January 15, 2026
Last Updated: January 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47771, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)