A critical remote code execution vulnerability has been identified in Mini Mouse products, assigned CVE-2021-47851 with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to remotely execute arbitrary commands on the affected system, potentially leading to a complete system compromise, data theft, or further network intrusion.

The vulnerability exists within an unauthenticated HTTP endpoint, /op=command. An attacker can send a specially crafted JSON request to this endpoint containing malicious script commands. The application fails to properly sanitize or validate this input, leading to the execution of the commands with the privileges of the application's user account, resulting in remote code execution (RCE).

This vulnerability is of critical severity with a CVSS score of 9.8. Successful exploitation could grant an attacker complete control over the affected server, leading to severe business consequences. These include the exfiltration of sensitive company or customer data, deployment of ransomware, disruption of critical services, and using the compromised system as a pivot point to attack other internal network resources. The reputational and financial damage from such an incident would be significant.

Immediate Action:

• Immediately apply the vendor-supplied security updates to upgrade all instances of Mini Mouse to the latest version.
• Review server access logs for any requests to the /op=command endpoint to identify potential past or ongoing exploitation attempts.
• Monitor affected systems for any signs of compromise, such as unusual outbound network traffic or unauthorized processes.

Proactive Monitoring:

• Implement log monitoring rules to generate alerts for any HTTP requests targeting the /op=command endpoint.
• Monitor for unexpected outbound network connections from servers running Mini Mouse, which could indicate a payload download.
• Use endpoint detection and response (EDR) tools to watch for suspicious process execution, such as shell commands (sh, bash, cmd.exe, powershell.exe) being spawned by the Mini Mouse application process.

Compensating Controls:

• If immediate patching is not feasible, restrict network access to the affected application. Use a Web Application Firewall (WAF) or reverse proxy to block all requests to the /op=command endpoint.
• Isolate the affected server in a segmented network zone to limit the potential impact of a compromise on the broader corporate network.
• Ensure the application is running with the lowest possible user privileges to minimize the scope of a potential compromise.

Public Exploit Available: Not publicly known at the time of this report.

Given the critical CVSS score of 9.8 and the risk of unauthenticated remote code execution, this vulnerability represents a severe and immediate threat to the organization. Although there is no evidence of active exploitation at this time, its high severity makes it a prime target. We strongly recommend that all affected Mini Mouse products be updated to the latest version on an emergency basis to prevent potential compromise.