CVE-2022-3218
published 2022-09-19

Priority: P1 · 85 · critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 73.47% (99.4th percentile)

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| necta | wifi_mouse_server | | |
| necta_llc | wifi_mouse | 1.8.2.3 – 1.8.2.3 | |
| necta_llc | wifi_mouse | 1.8.3.4 – 1.8.3.4 | |

Detection & IOCs (extracted from sources)

process: cmd.exe
  • Authentication for WiFi Mouse (Mouse Server) is implemented entirely client-side; any unauthenticated client connecting to the Mouse Server can bypass auth and send commands directly — monitor for unexpected inbound connections to the Mouse Server port from non-whitelisted hosts.
  • Exploitation results in spawning cmd.exe under the context of the WiFi Mouse (Mouse Server) process — alert on cmd.exe or shell processes spawned as a child of the Mouse Server process.
  • A public Metasploit module exists for this vulnerability (exploits/windows/misc/wifi_mouse_rce); presence of this module's traffic patterns or exploit attempts should be treated as active exploitation.
  • Exploitation has been confirmed against WiFi Mouse (Mouse Server) versions 1.8.3.4 and 1.8.2.3; detections should prioritize hosts running these specific versions.
  • The vulnerability is a client-side auth bypass (not a memory corruption or protocol flaw), meaning no exploit payload is required — any raw TCP/network client can abuse it, making network-layer detection based on malformed packets ineffective.

CVSS provenance

nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 6.5 MEDIUM