SpirityCVE

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Yodinfo	Mini Mouse

No data.

References

Link	Providers
https://www.spirityenterprise.com/mdr-for-endpoint
https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948
https://www.exploit-db.com/exploits/49747
https://www.vulncheck.com/advisories/mini-mouse-local-file-inclusion-path-traversal

History

Fri, 23 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Yodinfo Yodinfo mini Mouse
Vendors & Products		Yodinfo Yodinfo mini Mouse

Thu, 22 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 21 Jan 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description		Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.
Title		Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
Weaknesses		CWE-22
References		https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948 https://www.exploit-db.com/exploits/49747 https://www.vulncheck.com/advisories/mini-mouse-local-file-inclusion-path-traversal
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-01-21T17:27:35.714Z

Updated: 2026-01-22T15:51:58.114Z

Reserved: 2026-01-14T17:11:19.902Z

Link: CVE-2021-47849

Vulnrichment

Updated: 2026-01-22T15:51:54.665Z

NVD

Status : Received

Published: 2026-01-21T18:16:14.063

Modified: 2026-01-21T18:16:14.063

Link: CVE-2021-47849

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object