Cyber Resilience

CVE-2021-47789

MediumPublic PoC

Published: 16 January 2026

Published
16 January 2026
Modified
30 January 2026
KEV Added
Patch
CVSS Score v4 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 4.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47789 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Yenkee Yms 3029 Firmware. Its CVSS base score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2021-47789 is a buffer overrun vulnerability (CWE-121, CWE-787) in the Yenkee Hornet Gaming Mouse driver, specifically the GM312Fltr.sys component. The flaw enables attackers to crash the affected system by sending oversized input, such as a 2000-byte buffer through DeviceIoControl, resulting in a kernel-level system crash. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-01-16T00:16:22.450.

Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Successful exploitation achieves a denial-of-service condition by triggering a kernel crash, rendering the system unavailable.

Advisories and related resources include a GitHub repository from Quadron Research Lab documenting the kernel driver bug, a proof-of-concept exploit on Exploit-DB (ID 50311), a Vulncheck advisory on the denial-of-service PoC, and the vendor website at yenkee.eu. No specific patch or mitigation details are detailed in the provided references.

EU & UK References

Vulnerability details

Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overrun in kernel driver enables direct exploitation to trigger system crash (Endpoint DoS via Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71025Shared CWE-121, CWE-787
CVE-2020-37133Shared CWE-121, CWE-787
CVE-2026-20797Shared CWE-121, CWE-787
CVE-2024-13903Shared CWE-121, CWE-787
CVE-2019-25328Shared CWE-121
CVE-2025-1758Shared CWE-121
CVE-2026-36837Shared CWE-121
CVE-2026-41989Shared CWE-787
CVE-2020-37208Shared CWE-787
CVE-2021-47786Shared CWE-787

Affected Assets

yenkee
yms 3029 firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of DeviceIoControl input buffer sizes to block the 2000-byte oversized payload that triggers the GM312Fltr.sys overflow.

prevent

Applies memory-protection mechanisms that can detect or block the buffer-overrun write in kernel space before a system crash occurs.

prevent

Limits the ability of unauthenticated network inputs to induce a denial-of-service condition via the vulnerable kernel driver.

References