CVE-2022-24644 โ€” Download of Code Without Integrity Check in Keymouse Firmware

CWE-494 โ€” Download of Code Without Integrity Check3 documents3 sources
Severity
8.8HIGHNVD
EPSS
10.8%
top 6.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zzinc Keymouse Firmware
Timeline
PublishedMar 10
Latest updateMar 11

Description

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

โ–ถNVDzzinc/keymouse_firmware2.02, 3.05, 3.08+2

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-4gq4-23pp-r535: ZZ Incโ†—2022-03-11
โ–ถ
CVEList
CVE-2022-24644: ZZ Incโ†—2022-03-07
โ–ถ
CVE-2022-24644 โ€” Zzinc Keymouse Firmware vulnerability | cvebase