CVE-2022-45482

Published: Dec 2, 2022Modified: Apr 24, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected (1)

Products: Lazy Mouse Project: Lazy Mouse

Lazy Mouse Project

1 product

Lazy Mouse

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lazy Mouse Project Lazy Mouse	Up to 2.0.1

Related CWEs

CWE-521

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (2)

https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/

Source: disclosure@synopsys.com

Third Party Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.