CVE-2021-47850 – Mini Mouse 9.2.0 contains a path traversal vuln... (How to Fix)

Q: What is the severity of CVE-2021-47850?

CVE-2021-47850 has a CVSS score of 7.5 (HIGH). Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. This affects users running Mini Mouse 9.2.0 on Windows systems, potentially exposing sensitive system files and directory contents to unauthorized access.

📋 TL;DR

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. This affects users running Mini Mouse 9.2.0 on Windows systems, potentially exposing sensitive system files and directory contents to unauthorized access.

💻 Affected Systems

Products:

Mini Mouse Remote Control

Versions: 9.2.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default configuration of Mini Mouse 9.2.0. No special configuration is required for exploitation.

📦 What is this software?

Mini Mouse by Yodinfo

View all CVEs affecting Mini Mouse →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could retrieve sensitive system files (like SAM database, configuration files, credentials), list all user directories, and potentially achieve remote code execution by writing to system locations.

🟠

Likely Case

Unauthorized access to sensitive files like win.ini, system configuration files, and directory listings of user folders, leading to information disclosure and potential credential harvesting.

🟢

If Mitigated

Limited to directory traversal attempts that are blocked by proper input validation or network segmentation, preventing actual file access.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable via HTTP requests, making internet-facing instances particularly vulnerable to remote attacks.

🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to attackers who gain network access, but risk is reduced compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 49744), demonstrating simple HTTP requests with path traversal payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch is available. Consider workarounds or discontinuing use of vulnerable version.

🔧 Temporary Workarounds

Network Segmentation

windows

Restrict network access to Mini Mouse service using firewall rules to limit exposure.

netsh advfirewall firewall add rule name="Block Mini Mouse" dir=in action=block protocol=TCP localport=8080

Application Whitelisting

windows

Prevent execution of Mini Mouse 9.2.0 using application control policies.

🧯 If You Can't Patch

Uninstall Mini Mouse 9.2.0 and replace with alternative remote control software
Implement strict network segmentation to isolate systems running Mini Mouse from sensitive networks

🔍 How to Verify

Check if Vulnerable:

Test by sending HTTP request to Mini Mouse service with path traversal payload (e.g., GET /../../../../windows/win.ini) and checking for file contents in response.

Check Version:

Check application version in About dialog or program properties. For command line: wmic product where name="Mini Mouse" get version

Verify Fix Applied:

Verify that path traversal attempts return error responses or are blocked, and that only legitimate file requests are processed.

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing ../ sequences or attempts to access system paths
Unusual file access patterns from Mini Mouse process

Network Indicators:

HTTP traffic to Mini Mouse service with path traversal patterns in URLs
Multiple sequential ../ in HTTP requests

SIEM Query:

source="*mini-mouse*" AND (url="*../*" OR url="*..\\*" OR url="*/windows/*" OR url="*/users/*")

📊 Metadata

CVE ID: CVE-2021-47850

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

EPSS Score: 0.75% exploit probability (72.6th percentile)

Published: January 21, 2026

Last Updated: February 2, 2026

🔗 References

https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948 Product
https://www.exploit-db.com/exploits/49744 Exploit,VDB Entry
https://www.vulncheck.com/advisories/mini-mouse-path-traversal Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47850, you might also want to check these: