CVE-2021-47849

MEDIUM

Mini Mouse 9.3.0 - Path Traversal via Device Information Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47849. PoCs published by gosh.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion/path traversal vulnerability in Mini Mouse 9.3.0, allowing unauthorized access to sensitive directories and files on an iOS device. The PoC includes HTTP requests to enumerate directories and files, confirming the vulnerability.

Description

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.

Exploits (1)

exploitdb WORKING POC
by gosh · textwebappsios
https://www.exploit-db.com/exploits/49747

This exploit demonstrates a local file inclusion/path traversal vulnerability in Mini Mouse 9.3.0, allowing unauthorized access to sensitive directories and files on an iOS device. The PoC includes HTTP requests to enumerate directories and files, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Mini Mouse 9.3.0
No auth needed
Prerequisites: Network access to the target device · Mini Mouse app running on iOS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.2
EPSS 0.0066
EPSS Percentile 46.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
yodinfo/mini_mouse 9.3.0
Published Jan 21, 2026
Tracked Since Feb 18, 2026