CVE-2021-27572

Published: May 7, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.

Affected (1)

Products: Remotemouse: Emote Remote Mouse

Remotemouse

1 product

Emote Remote Mouse

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Remotemouse Emote Remote Mouse	Up to 4.0.0.0

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (4)

https://axelp.io/MouseTrap

Source: cve@mitre.org

ExploitThird Party Advisory

https://remotemouse.net/blog/

Source: cve@mitre.org

Product

https://axelp.io/MouseTrap

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://remotemouse.net/blog/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.