CVE-2021-47850
Published: 21 January 2026
Summary
CVE-2021-47850 is a high-severity Path Traversal (CWE-22) vulnerability in Yodinfo Mini Mouse. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-47850 is a path traversal vulnerability (CWE-22) affecting Mini Mouse version 9.2.0, scored at CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The flaw enables remote attackers to access arbitrary system files and directories on the affected system through crafted HTTP requests. By manipulating file and path parameters, attackers can retrieve sensitive files such as win.ini or list contents of system directories like C:\Users\Public.
The vulnerability can be exploited by any remote attacker with network access to the Mini Mouse server component, requiring no authentication, privileges, or user interaction. Successful exploitation allows attackers to achieve high-impact confidentiality breaches by reading arbitrary files, potentially exposing sensitive configuration data, user information, or other system details without affecting integrity or availability.
Advisories and related resources, including the VulnCheck advisory at https://www.vulncheck.com/advisories/mini-mouse-path-traversal, provide further details on the issue. A proof-of-concept exploit is available at https://www.exploit-db.com/exploits/49744, and the affected application is listed on the Apple App Store at https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948.
A public exploit exists on Exploit-DB, indicating potential for real-world abuse against unpatched Mini Mouse 9.2.0 installations.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3610
Vulnerability details
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by…
more
manipulating file and path parameters.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in public-facing Mini Mouse server enables remote unauthenticated file/directory access (T1190), directly facilitating arbitrary local file reads (T1005) and directory listings (T1083).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates path traversal by requiring validation of file and path parameters in HTTP requests to block directory traversal sequences.
Requires identification, reporting, and correction of the specific path traversal flaw in Mini Mouse 9.2.0, preventing exploitation through patching.
Enforces approved authorizations for logical access to system files and directories, limiting damage from successful path traversal attempts.