23 matches found
CVE-2026-27182
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the...
CVE-2026-27182 Saturn Remote Mouse Server UDP Command Injection RCE
Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the...
CVE-2026-27182
The CVE describes a local, unauthenticated command injection in Saturn Remote Mouse Server. An attacker on the same local network can send specially crafted UDP JSON frames to port 27000, where the service forwards unsanitized command data to OS execution functions, resulting in remote code execu...
📄 Wifi Mouse 1.9.0.8 Remote Code Execution
WiFi Mouse Server version 1.9.0.8 allows unauthenticated remote code execution by simulating keyboard input over TCP port 1978. This exploit connects to the server and simulates a keystroke to delivery a reverse shell. Exploit Title: Wifi Mouse version 1.9.0.8 - Remote Code Execution Date:...
📄 Saturn Remote Mouse Server 1.0.4.0 Remote Code Execution
Saturn Remote Mouse Server version 1.0.4.0 exposes an unauthenticated UDP command interface port 27000 allowing remote attackers to inject keystrokes. This proof of concept demonstrates remote code execution by simulating Windows key combinations to spawn cmd.exe and execute malicious PowerShell...
CVE-2022-3365
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...
CVE-2022-3365
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...
CVE-2022-3365
CVE-2022-3365 affects Remote Mouse Server by Emote Interactive. The Red Hat, NVD, and CVE records describe unauthenticated remote code execution via the server’s protocol, tied to weak encoding (trivial substitution cipher) and default password use when none is set, with Metasploit tests against ...
PT-2025-1362 · Emote Interactive · Remote Mouse Server
Name of the Vulnerable Software and Affected Versions: Remote Mouse Server by Emote Interactive version 4.110 Description: The issue arises due to the product's reliance on a trivial substitution cipher sent in cleartext and its use of a default password when no password is set by the user. This...
CVE-2022-45482
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
CVE-2022-45482
CVE-2022-45482 concerns the Lazy Mouse server, where the vulnerability is caused by weak password requirements and lack of rate limiting. This allows remote, unauthenticated attackers to brute force the PIN and potentially execute arbitrary commands. The core data sources describe the affected co...
PT-2022-27538 · Unknown · Lazy Mouse Server
Name of the Vulnerable Software and Affected Versions: Lazy Mouse server affected versions not specified Description: The issue allows remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands due to weak password requirements and the lack of rate...
CVE-2022-45482
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
Remote Mouse 4.110 Remote Code Execution Exploit
This Metasploit module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 4.110, current at the time of module writing. This module...
Rapid7 Metasploit 安全漏洞
Rapid7 Metasploit is a suite of penetration testing software from the US-based company Rapid7. Rapid7 Metasploit suffers from a security vulnerability that stems from its use of the Remote Mouse Server protocol to deploy a payload and run it from a server, a module that only deploys a payload if...
Remote Mouse 4.110 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Remote Mouse RCE', 'Description' = %q This module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it...
Mobile Mouse 3.6.0.4 Remote Code Execution Exploit
This Metasploit module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, the current version at the time of module...
CVE-2022-3218
Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...
Remote code execution
Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...
CVE-2022-3218
CVE-2022-3218 concerns the WiFi Mouse (Mouse Server) from Necta LLC, where authentication is implemented entirely on the client side, enabling a bypass that can lead to remote code execution. Multiple connected sources provide concrete details: (1) NVD/NVDC notes a client-side auth bypass allowin...