CVE-2021-47891

CRITICAL

Unified Remote 3.9.0.2463 - Remote Code Execution via Crafted Network Packets

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47891. PoCs published by H4rk3nz0.

AI-analyzed exploit summary This exploit leverages Unified Remote's protocol to simulate keyboard inputs, opening CMD and executing a payload via certutil. It demonstrates RCE by downloading and executing a remote payload.

Description

Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.

Exploits (1)

exploitdb WORKING POC VERIFIED
by H4rk3nz0 · pythonremotewindows
https://www.exploit-db.com/exploits/49587

This exploit leverages Unified Remote's protocol to simulate keyboard inputs, opening CMD and executing a payload via certutil. It demonstrates RCE by downloading and executing a remote payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unified Remote 3.9.0.2463
No auth needed
Prerequisites: Network access to target on port 9512 · HTTP server hosting the payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49587
Various Sources product
https://www.unifiedremote.com/
Various Sources product
https://www.unifiedremote.com/download

Scores

CVSS v3 9.8
EPSS 0.0080
EPSS Percentile 51.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (1)
Unified Intents AB/Unified Remote 3.9.0.2463
Published Jan 23, 2026
Tracked Since Feb 18, 2026