This page lists publicly disclosed CVE vulnerabilities affecting unifiedremote unified_remote (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-47891 | Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads. | [email protected] | 9.3 | 0.80% | 2026-01-23 | 2026-06-17 |
| CVE-2023-52252 | Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. | [email protected] | 9.8 | 1.11% | 2023-12-30 | 2026-06-17 |
| CVE-2022-3229 | Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | [email protected] | 9.8 | 66.35% | 2023-02-06 | 2026-06-17 |