CVE-2021-47789
Published: 16 January 2026
Summary
CVE-2021-47789 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Yenkee Yms 3029 Firmware. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-5 (Denial-of-service Protection).
Deeper analysis
CVE-2021-47789 is a buffer overrun vulnerability (CWE-121, CWE-787) in the Yenkee Hornet Gaming Mouse driver, specifically the GM312Fltr.sys component. The flaw enables attackers to crash the affected system by sending oversized input, such as a 2000-byte buffer through DeviceIoControl, resulting in a kernel-level system crash. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-01-16T00:16:22.450.
Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Successful exploitation achieves a denial-of-service condition by triggering a kernel crash, rendering the system unavailable.
Advisories and related resources include a GitHub repository from Quadron Research Lab documenting the kernel driver bug, a proof-of-concept exploit on Exploit-DB (ID 50311), a Vulncheck advisory on the denial-of-service PoC, and the vendor website at yenkee.eu. No specific patch or mitigation details are detailed in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3012
Vulnerability details
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overrun in kernel driver enables direct exploitation to trigger system crash (Endpoint DoS via Application or System Exploitation).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces validation of DeviceIoControl input buffer sizes to block the 2000-byte oversized payload that triggers the GM312Fltr.sys overflow.
Applies memory-protection mechanisms that can detect or block the buffer-overrun write in kernel space before a system crash occurs.
Limits the ability of unauthenticated network inputs to induce a denial-of-service condition via the vulnerable kernel driver.