Vulnerability Details Severity: Critical Date: January 22, 2026 Affected Software: Unified Remote 3.9.0.2463 CVE ID: CVE-2021-47891 CWE ID: CWE-306 Missing Authentication for Critical Function CVSS v4 Vector Base Score: 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N References ExploitDB-49587 Unified Remote Official Homepage Unified Remote Download Page Credit Researcher: H4rk3nz0 Description Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.