CVE-2021-47891

CRITICAL EPSS 51.9%

Published Jan 23, 20265mo ago · Modified Jun 17, 20261w ago

9.3 CVSS 4.0

Critical

Published Jan 23, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.

CVSS Details

Base Score

9.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

51.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

References 4

exploit-db.com https://www.exploit-db.com/exploits/49587
unifiedremote.com https://www.unifiedremote.com/
unifiedremote.com https://www.unifiedremote.com/download
vulncheck.com https://www.vulncheck.com/advisories/unified-remote-remote-code-execution

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.