CVE-2022-25226
published 2022-04-18


Priority: P1 · 82 · Severity: critical · CVSS 3.1 base score: 10
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 10.87% (95.3th percentile)
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.

Affected (2 ranges)

Vendor      Product   Version range   Fixed in
cybelsoft   thinvnc
cybelsoft   thinvnc

Detection & IOCs (extracted from sources)

url:    http://thin-vnc:8080/cmd?cmd=connect
url:    {{BaseURL}}/cmd?cmd=connect
other:  http.favicon.hash:-1414548363
other:  icon_hash="571240285"
  • An HTTP GET request to the /cmd?cmd=connect endpoint on a ThinVNC server returns a 200 response containing both 'cmd":"connectStatus' and 'authStatus":1' in the body, indicating a successful authentication bypass without credentials.
  • Identify exposed ThinVNC 1.0b1 instances via Shodan using favicon hash -1414548363 or FOFA using icon_hash 571240285.
  • The authentication bypass allows unauthenticated SID acquisition; subsequent keyboard/mouse event messages to the server can achieve code execution.
  • The ThinVNC default port is 8080; detection should target this port unless the deployment uses a non-standard port.
  • The vulnerability is confirmed only for ThinVNC version 1.0b1 (CPE: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1); other versions may not be affected.
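The detection notes above describe what a bypass attempt looks like on the wire. The following is an added example (not from this page or from the ThinVNC project) that turns them into two defender-side checks: flagging successful GET /cmd?cmd=connect requests in access-log lines, and classifying a captured response body by the two markers cited above. The combined-format log regex and all log lines and bodies are constructed assumptions, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Markers the detection note cites for a successful bypass response body
BYPASS_MARKERS = ('cmd":"connectStatus', 'authStatus":1')

# Apache/nginx "combined"-style access-log line (assumed log format)
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def is_thinvnc_connect(path: str) -> bool:
    """True if the request targets ThinVNC's /cmd endpoint with cmd=connect."""
    parts = urlsplit(path)
    return parts.path == "/cmd" and parse_qs(parts.query).get("cmd") == ["connect"]

def body_indicates_bypass(body: str) -> bool:
    """True if a captured response body carries both bypass markers."""
    return all(marker in body for marker in BYPASS_MARKERS)

def flag_connect_requests(lines):
    """Return (src, timestamp, status) for each GET /cmd?cmd=connect answered with 200."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as access-log entries
        if m["method"] == "GET" and is_thinvnc_connect(m["path"]) and m["status"] == "200":
            hits.append((m["src"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation-range IPs, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Apr/2022:10:01:02 +0000] "GET /cmd?cmd=connect HTTP/1.1" 200 87',
    '198.51.100.3 - - [18/Apr/2022:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1523',
    '203.0.113.7 - - [18/Apr/2022:10:01:09 +0000] "GET /cmd?cmd=connect&id=1 HTTP/1.1" 200 87',
    '192.0.2.9 - - [18/Apr/2022:10:02:00 +0000] "GET /cmd?cmd=connect HTTP/1.1" 401 0',
]

# Constructed response body shaped like the marker pattern from the detection note
SAMPLE_BODY = '{"cmd":"connectStatus","authStatus":1,"id":"abc"}'

if __name__ == "__main__":
    for src, ts, status in flag_connect_requests(SAMPLE_LOG):
        print("ThinVNC connect request from %s at %s (HTTP %d) - review" % (src, ts, status))
    print("captured response indicates bypass:", body_indicates_bypass(SAMPLE_BODY))
```

A 200 on /cmd?cmd=connect alone does not prove a bypass from the log, so pair the request hit with the response-body check (e.g. from a reverse proxy or IDS that captures bodies) before raising an incident.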

CVSS provenance

NVD, CVSS v3.1: 10.0 CRITICAL, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, vector AV:N/AC:L/Au:N/C:P/I:P/A:P