Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.py | Exploit Third Party Advisory |
https://github.com/rapid7/metasploit-framework/pull/16985 | Patch Third Party Advisory |
https://www.exploit-db.com/exploits/49601 | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/50972 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: rapid7
Published: 2021-02-25T00:00:00
Updated: 2022-09-26T17:06:25
Reserved: 2022-09-14T00:00:00
Link: CVE-2022-3218
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-19T17:15:14.630
Modified: 2022-10-01T02:33:21.517
Link: CVE-2022-3218
JSON object: View
Redhat Information
No data.