{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-47891", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-18T12:35:05.173Z", "datePublished": "2026-01-23T16:47:36.756Z", "dateUpdated": "2026-04-07T14:06:24.611Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:06:24.611Z" }, "title": "Unified Remote 3.9.0.2463 - Remote Code Execution", "descriptions": [ { "lang": "en", "value": "Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Missing Authentication for Critical Function", "cweId": "CWE-306", "type": "CWE" } ] } ], "affected": [ { "vendor": "Unified Intents AB", "product": "Unified Remote", "versions": [ { "version": "3.9.0.2463", "status": "affected" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:unifiedremote:unified_remote:3.9.0.2463:*:*:*:*:*:*:*" } ] } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.exploit-db.com/exploits/49587", "name": "ExploitDB-49587", "tags": [ "exploit" ] }, { "url": "https://www.unifiedremote.com/", "name": "Unified Remote Official Homepage", "tags": [ "product" ] }, { "url": "https://www.unifiedremote.com/download", "name": "Unified Remote Download Page", "tags": [ "product" ] }, { "name": "VulnCheck Advisory: Unified Remote 3.9.0.2463 - Remote Code Execution", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/unified-remote-remote-code-execution" } ], "credits": [ { "lang": "en", "value": "H4rk3nz0", "type": "finder" } ], "x_generator": { "engine": "vulncheck" }, "datePublic": "2021-02-24T00:00:00.000Z" }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-01-23T19:17:25.213665Z", "id": "CVE-2021-47891", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T19:17:30.223Z" } } ] } }