Vulnerability Details CVE-2022-3218
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.848
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.8
References
- http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.html
- https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.py
- https://github.com/rapid7/metasploit-framework/pull/16985
- https://www.exploit-db.com/exploits/49601
- https://www.exploit-db.com/exploits/50972
- http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.html
- https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.py
- https://github.com/rapid7/metasploit-framework/pull/16985
- https://www.exploit-db.com/exploits/49601
- https://www.exploit-db.com/exploits/50972
Products affected by CVE-2022-3218
-
cpe:2.3:a:necta:wifi_mouse_server:1.7.8.5