Cyber Posture

CVE-2021-47850

HighPublic PoC

Published: 21 January 2026

Published
21 January 2026
Modified
02 February 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0031 54.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47850 is a high-severity Path Traversal (CWE-22) vulnerability in Yodinfo Mini Mouse. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 45.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation
addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

NVD Description

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by…

more

manipulating file and path parameters.

Deeper analysisAI

CVE-2021-47850 is a path traversal vulnerability (CWE-22) affecting Mini Mouse version 9.2.0, scored at CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The flaw enables remote attackers to access arbitrary system files and directories on the affected system through crafted HTTP requests. By manipulating file and path parameters, attackers can retrieve sensitive files such as win.ini or list contents of system directories like C:\Users\Public.

The vulnerability can be exploited by any remote attacker with network access to the Mini Mouse server component, requiring no authentication, privileges, or user interaction. Successful exploitation allows attackers to achieve high-impact confidentiality breaches by reading arbitrary files, potentially exposing sensitive configuration data, user information, or other system details without affecting integrity or availability.

Advisories and related resources, including the VulnCheck advisory at https://www.vulncheck.com/advisories/mini-mouse-path-traversal, provide further details on the issue. A proof-of-concept exploit is available at https://www.exploit-db.com/exploits/49744, and the affected application is listed on the Apple App Store at https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948.

A public exploit exists on Exploit-DB, indicating potential for real-world abuse against unpatched Mini Mouse 9.2.0 installations.

Details

CWE(s)
CWE-22

Affected Products

yodinfo
mini mouse
9.2.0

CVEs Like This One

CVE-2021-47849Same product: Yodinfo Mini Mouse
CVE-2021-47851Same product: Yodinfo Mini Mouse
CVE-2026-23536Shared CWE-22
CVE-2025-23422Shared CWE-22
CVE-2024-48885Shared CWE-22
CVE-2024-12849Shared CWE-22
CVE-2026-33656Shared CWE-22
CVE-2025-8343Shared CWE-22
CVE-2025-59384Shared CWE-22
CVE-2026-3051Shared CWE-22

References