CVE-2021-47891 | THREATINT

Description

Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.

PUBLISHED Reserved 2026-01-18 | Published 2026-01-23 | Updated 2026-01-23 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authentication for Critical Function

Product status

3.9.0.2463

affected

Credits

H4rk3nz0 finder

References

www.exploit-db.com/exploits/49587 (ExploitDB-49587) exploit

www.unifiedremote.com/ (Unified Remote Official Homepage) product

www.unifiedremote.com/download (Unified Remote Download Page) product

www.vulncheck.com/...es/unified-remote-remote-code-execution (VulnCheck Advisory: Unified Remote 3.9.0.2463 - Remote Code Execution) third-party-advisory

cve.org (CVE-2021-47891)

nvd.nist.gov (CVE-2021-47891)

Download JSON