Cyber Resilience

CVE-2021-47850

High · Public PoC

Published: 21 January 2026

Modified: 02 February 2026
KEV Added
Patch
CVSS Score v4: 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0120 (64.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2021-47850 is a high-severity Path Traversal (CWE-22) vulnerability in Yodinfo Mini Mouse. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-47850 is a path traversal vulnerability (CWE-22) affecting Mini Mouse version 9.2.0, scored at CVSS v3.1 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The flaw enables remote attackers to access arbitrary system files and directories on the affected system through crafted HTTP requests. By manipulating file and path parameters, attackers can retrieve sensitive files such as win.ini or list the contents of system directories like C:\Users\Public.

The vulnerability can be exploited by any remote attacker with network access to the Mini Mouse server component, requiring no authentication, privileges, or user interaction. Successful exploitation allows attackers to achieve high-impact confidentiality breaches by reading arbitrary files, potentially exposing sensitive configuration data, user information, or other system details without affecting integrity or availability.

Advisories and related resources, including the VulnCheck advisory at https://www.vulncheck.com/advisories/mini-mouse-path-traversal, provide further details on the issue. A proof-of-concept exploit is available at https://www.exploit-db.com/exploits/49744, and the affected application is listed on the Apple App Store at https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948.

A public exploit exists on Exploit-DB, indicating potential for real-world abuse against unpatched Mini Mouse 9.2.0 installations.

Vulnerability details

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Why these techniques?

Path traversal in the public-facing Mini Mouse server enables remote, unauthenticated file and directory access (T1190), directly facilitating arbitrary local file reads (T1005) and directory listings (T1083).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47849: Same product: Yodinfo Mini Mouse
CVE-2021-47851: Same product: Yodinfo Mini Mouse
CVE-2025-60946: Shared CWE-22
CVE-2025-52452: Shared CWE-22
CVE-2026-30914: Shared CWE-22
CVE-2024-57669: Shared CWE-22
CVE-2026-25869: Shared CWE-22
CVE-2025-2264: Shared CWE-22
CVE-2024-57451: Shared CWE-22
CVE-2026-49128: Shared CWE-22

Affected Assets

yodinfo
mini mouse
9.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates path traversal by requiring validation of file and path parameters in HTTP requests to block directory traversal sequences.

prevent

Requires identification, reporting, and correction of the specific path traversal flaw in Mini Mouse 9.2.0, preventing exploitation through patching.

prevent

Enforces approved authorizations for logical access to system files and directories, limiting damage from successful path traversal attempts.
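
One way to implement the file and path parameter validation described in the first control above, using Windows path semantics. This is an added example, not code from Mini Mouse or from this page; the base directory C:\MiniMouse\shared, the names resolve_within and PathRejected, and the sample parameter values are assumptions.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical share root; the page does not state the server's real directory.
BASE_DIR = r"C:\MiniMouse\shared"


class PathRejected(ValueError):
    """Raised when a request parameter does not stay inside the base directory."""


def resolve_within(base, raw_param):
    """Map an HTTP file/path parameter to a Windows path under `base`, or raise.

    Lexical check only: a real server should also resolve junctions and
    symlinks (e.g. os.path.realpath) before opening the result.
    """
    requested = unquote(raw_param)              # decode once, as the HTTP layer would
    if "\x00" in requested:
        raise PathRejected("NUL byte in path")
    if unquote(requested) != requested:         # still encoded => double encoding
        raise PathRejected("double-encoded input")
    requested = requested.replace("/", "\\")    # Windows accepts both separators
    if ":" in requested or requested.startswith("\\"):
        # Drive letter, drive-relative path, alternate data stream, rooted or UNC path
        raise PathRejected("absolute, drive-qualified or stream path")
    candidate = ntpath.normpath(ntpath.join(base, requested))  # collapses ".." parts
    base_cmp = ntpath.normcase(ntpath.normpath(base))
    try:
        # Compare whole components; a startswith() test would accept "shared2"
        common = ntpath.commonpath([base_cmp, ntpath.normcase(candidate)])
    except ValueError:
        raise PathRejected("path is on a different drive") from None
    if common != base_cmp:
        raise PathRejected("escapes base directory")
    return candidate


if __name__ == "__main__":
    # Constructed sample parameter values, not taken from any real request log.
    for value in ["docs\\notes.txt", "..\\..\\Windows\\win.ini",
                  "..%5C..%5CWindows%5Cwin.ini", "C:\\Users\\Public", "..\\shared2\\x"]:
        try:
            print("ALLOW", resolve_within(BASE_DIR, value))
        except PathRejected as exc:
            print("DENY ", repr(value), "-", exc)
```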
