CVE-2021-47849
📋 TL;DR
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through API requests. By manipulating file path parameters, attackers can retrieve file lists from directories like /usr, /etc, and /var. This affects users running Mini Mouse 9.3.0 on their systems.
💻 Affected Systems
- Mini Mouse Remote Control
📦 What is this software?
Mini Mouse by Yodinfo
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files (passwords, configurations, logs) leading to full system compromise through credential theft or privilege escalation.
Likely Case
Information disclosure of system directory contents, potentially exposing configuration files, logs, or other sensitive data.
If Mitigated
Limited to directory listing without file content access, or blocked by proper input validation and access controls.
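An added illustration of the "proper input validation" this section refers to; it is example code written for this page, not code from Mini Mouse or Yodinfo. The helper resolves a client-supplied path parameter beneath a fixed listing root and refuses anything that escapes it, including percent-encoded, double-encoded and backslash variants. The root directory and the parameter shape are assumptions for the example.

```python
from __future__ import annotations

import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed example root for the file-listing API; not a Mini Mouse path.
SHARE_ROOT = "/srv/minimouse/share"


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so a double-encoded '..' is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_listing_path(requested: str, root: str = SHARE_ROOT) -> Optional[str]:
    """Return the directory to list, or None when the request escapes root.

    The client value is decoded, forced to be relative, joined under root and
    normalised; the canonical result must be root itself or lie beneath it.
    """
    decoded = decode_fully(requested)
    # NUL bytes and backslashes have no place in a relative POSIX directory
    # name; rejecting them also closes the '..\\' variant.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Drop leading slashes so an absolute request such as "/etc" becomes a
    # subdirectory name instead of replacing the root during the join.
    relative = decoded.lstrip("/")
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, relative))
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


def check_requests(values: list[str]) -> dict[str, Optional[str]]:
    """Map each client value to the resolved directory, or None if rejected."""
    return {value: resolve_listing_path(value) for value in values}


if __name__ == "__main__":
    # Constructed inputs: one benign request plus the traversal shapes the
    # detection section of this advisory lists (plain, encoded, double-encoded).
    for value, result in check_requests(
        ["photos", "../../etc", "%2e%2e%2f%2e%2e%2fusr", "%252e%252e%252fvar"]
    ).items():
        print(f"{value!r:32} -> {'rejected' if result is None else result}")
```

On a real server, apply os.path.realpath to the candidate as well, so a symlink inside the root cannot point the listing back out of it; the pure-path check above is kept filesystem-independent so it runs anywhere.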
🎯 Exploit Status
Exploitation requires only simple path traversal payloads in API requests. No authentication is needed, based on the available information.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Check for an updated version in the Apple App Store or on the vendor website.
2. If no patch is available, consider removing the application.
3. Monitor vendor communications for security updates.
🔧 Temporary Workarounds
Network Access Restriction
Linux: Block network access to the Mini Mouse application using firewall rules. Note that these host-wide rules block all HTTP/HTTPS traffic on ports 80 and 443, not only Mini Mouse.
sudo ufw deny out to any port 80,443 proto tcp comment 'Block Mini Mouse'
sudo ufw deny in to any port 80,443 proto tcp comment 'Block Mini Mouse'
Application Removal
macOS: Uninstall Mini Mouse 9.3.0 completely
sudo rm -rf /Applications/Mini\ Mouse.app
sudo pkgutil --forget com.vendor.minimouse
🧯 If You Can't Patch
- Implement strict network segmentation to isolate systems running Mini Mouse
- Deploy WAF or reverse proxy with path traversal protection rules
🔍 How to Verify
Check if Vulnerable:
Test the API endpoint with path traversal payloads such as '../../etc/passwd' or similar directory traversal attempts.
Check Version:
Check the application version in the About dialog, or read it from the bundle's Info.plist: defaults read "/Applications/Mini Mouse.app/Contents/Info.plist" CFBundleShortVersionString
Verify Fix Applied:
Retest with the same payloads after the update or removal; the request should return an error or no directory listing.
📡 Detection & Monitoring
Log Indicators:
- API requests containing '../' sequences
- Unusual file path patterns in application logs
- Access to system directories from the Mini Mouse process
Network Indicators:
- HTTP requests with path traversal patterns to Mini Mouse endpoints
- Unusual outbound connections from Mini Mouse to external IPs
SIEM Query:
source="*minimouse*" AND ("../" OR "..\\" OR "/etc/" OR "/usr/" OR "/var/")
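The log indicators and SIEM query above match literal '../' and directory names; percent-encoded and double-encoded payloads slip past such a match. As an added example that is not part of the original advisory, the following Python scanner parses constructed common-log-format lines, decodes the request target before testing it, and reports why a line was flagged. The /api/files?path= endpoint shape and the log lines are assumptions made for this example.

```python
from __future__ import annotations

import re
from urllib.parse import unquote

# Constructed sample access-log lines for this example. The endpoint shape is
# an assumption, not a documented Mini Mouse API; addresses are from
# documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /api/files?path=photos HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /api/files?path=../../etc HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /api/files?path=%2e%2e%2f%2e%2e%2fusr HTTP/1.1" 200 4096
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /api/files?path=..%5c..%5cWindows HTTP/1.1" 404 0
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /api/files?path=%252e%252e%252fvar HTTP/1.1" 200 1024
192.0.2.12 - - [01/Jan/2024:10:00:06 +0000] "GET /api/files?path=reports/2024 HTTP/1.1" 200 256
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)
# A '..' segment bounded by separators (backslashes are normalised to '/').
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
# Absolute references to the directories named in the advisory.
SYSTEM_DIR = re.compile(r"^/(etc|usr|var)(/|$)")


def analyze_target(target: str) -> set[str]:
    """Return the reasons a request target looks like traversal, if any."""
    reasons: set[str] = set()
    path, _, query = target.partition("?")
    values = [path] + [pair.split("=", 1)[1] for pair in query.split("&") if "=" in pair]
    for raw in values:
        # Three decoding passes catch double-encoded payloads such as %252e.
        decoded = unquote(unquote(unquote(raw))).replace("\\", "/")
        if TRAVERSAL.search(decoded):
            reasons.add("traversal")
            if decoded != raw:
                reasons.add("encoded")
        if SYSTEM_DIR.match(decoded):
            reasons.add("system-dir")
    return reasons


def scan_log(text: str) -> list[dict[str, object]]:
    """Parse each log line and keep the ones whose target is suspicious."""
    hits: list[dict[str, object]] = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        reasons = analyze_target(m.group("target"))
        if reasons:
            hits.append({
                "ip": m.group("ip"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                "reasons": sorted(reasons),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']:14} {hit['status']} {','.join(hit['reasons']):18} {hit['target']}")
```

A flagged request that also returned status 200 with a non-zero response size is the case to escalate first, since it indicates the listing was actually served rather than refused.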