CVE-2021-47851 – Mini Mouse 9.2.0 contains an unauthenticated re... (How to Fix)

Q: What is the severity of CVE-2021-47851?

CVE-2021-47851 has a CVSS score of 9.8 (CRITICAL). Mini Mouse 9.2.0 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands via crafted HTTP requests to the /op=command endpoint. This affects all users running Mini Mouse 9.2.0 on any platform where the software is exposed to network access.

📋 TL;DR

Mini Mouse 9.2.0 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands via crafted HTTP requests to the /op=command endpoint. This affects all users running Mini Mouse 9.2.0 on any platform where the software is exposed to network access.

💻 Affected Systems

Products:

Mini Mouse Remote Control

Versions: 9.2.0

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default configuration when Mini Mouse is running with network access enabled.

📦 What is this software?

Mini Mouse by Yodinfo

View all CVEs affecting Mini Mouse →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install malware, steal data, pivot to other systems, or establish persistent backdoors.

🟠

Likely Case

Attackers executing arbitrary commands to download and run malicious payloads, potentially leading to ransomware deployment or credential theft.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to the vulnerable endpoint.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable via unauthenticated HTTP requests, making internet-exposed instances immediate targets.

🏢 Internal Only: HIGH - Even internally, any system with Mini Mouse accessible over the network is vulnerable to lateral movement attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on Exploit-DB, requiring only basic HTTP request crafting skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Consider removing or replacing Mini Mouse with alternative software.

🔧 Temporary Workarounds

Network Access Restriction

all

Block all network access to Mini Mouse using firewall rules

Windows: netsh advfirewall firewall add rule name="Block Mini Mouse" dir=in action=block program="C:\Path\To\MiniMouse.exe" enable=yes
Linux: iptables -A INPUT -p tcp --dport [Mini Mouse Port] -j DROP

Disable HTTP Endpoint

all

Configure Mini Mouse to disable network functionality or run in local-only mode

🧯 If You Can't Patch

Immediately isolate affected systems from network access
Implement strict network segmentation to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check if Mini Mouse version 9.2.0 is installed and running with network access enabled. Test by sending a crafted HTTP POST request to http://[target]:[port]/op=command with JSON payload.

Check Version:

Check application version in About dialog or installation directory properties

Verify Fix Applied:

Verify Mini Mouse is either removed, network access is blocked, or the software is no longer running.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /op=command endpoint
Unusual process execution from Mini Mouse directory
Network connections from Mini Mouse to external IPs

Network Indicators:

HTTP POST requests containing JSON with command execution patterns
Traffic to suspicious domains/downloads following Mini Mouse requests

SIEM Query:

source="*mini*mouse*" AND (uri="/op=command" OR method="POST")

📊 Metadata

CVE ID: CVE-2021-47851

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.45% exploit probability (63.3th percentile)

Published: January 21, 2026

Last Updated: February 2, 2026

🔗 References

https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948 Product
https://www.exploit-db.com/exploits/49743 Exploit,VDB Entry
https://www.vulncheck.com/advisories/mini-mouse-remote-code-execution Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47851, you might also want to check these: