9.8
CVE-2022-3218
- EPSS 73.48%
- Veröffentlicht 19.09.2022 17:15:14
- Zuletzt bearbeitet 21.11.2024 07:19:04
- Quelle cve@rapid7.com
- CVE-Watchlists
- Unerledigt
LoginNecta WiFi Mouse (Mouse Server) client-side authentication bypass
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Necta ≫ Wifi Mouse Server Version1.7.8.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 73.48% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-603 Use of Client-Side Authentication
A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.html
https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.py
https://github.com/rapid7/metasploit-framework/pull/16985
https://www.exploit-db.com/exploits/49601
https://www.exploit-db.com/exploits/50972