Cyber Resilience

CVE-2021-47849

HighPublic PoC

Published: 21 January 2026

Published
21 January 2026
Modified
02 February 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0066 46.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2021-47849 is a high-severity Path Traversal (CWE-22) vulnerability in Yodinfo Mini Mouse. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 46.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2021-47849 is a path traversal vulnerability in Mini Mouse version 9.3.0, a remote control application available on the Apple App Store. The flaw affects the device information endpoint, where attackers can manipulate file path parameters in API requests to access sensitive system directories such as /usr, /etc, and /var, enabling retrieval of file lists from these locations. Mapped to CWE-22, it carries a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability disruption.

Local attackers can exploit this vulnerability without privileges or user interaction, as the low attack complexity and local vector (AV:L) suggest access to the same system or device running the affected application. Successful exploitation allows reading arbitrary files from protected directories, potentially exposing configuration data, credentials, or other sensitive information stored in /etc, /usr, or /var, which could aid further attacks like privilege escalation or lateral movement.

Advisories from Vulncheck detail the local file inclusion via path traversal, while Exploit-DB hosts a proof-of-concept exploit (ID 49747) demonstrating the issue. No specific patches are mentioned in the provided references, but practitioners should verify updates via the application's App Store listing and avoid version 9.3.0 on affected devices.

A public exploit is available on Exploit-DB, indicating potential for real-world abuse by local adversaries targeting macOS or iOS environments where Mini Mouse is installed.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in…

more

API requests.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Why these techniques?

Path traversal directly enables local file/directory enumeration and data retrieval from sensitive system paths.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47850Same product: Yodinfo Mini Mouse
CVE-2021-47851Same product: Yodinfo Mini Mouse
CVE-2025-68953Shared CWE-22
CVE-2026-34911Shared CWE-22
CVE-2024-57784Shared CWE-22
CVE-2026-44973Shared CWE-22
CVE-2025-1335Shared CWE-22
CVE-2026-3051Shared CWE-22
CVE-2025-60946Shared CWE-22
CVE-2025-52452Shared CWE-22

Affected Assets

yodinfo
mini mouse
9.3.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks manipulation of file path parameters in the device information endpoint before path traversal occurs.

prevent

Enforces access rules on file system objects so that even a traversed path cannot retrieve contents of /etc, /usr or /var.

prevent

Limits the Mini Mouse process to the minimum set of directories, reducing the impact of any successful path traversal.

References