CVE-2022-3218
published 2022-09-19CVE-2022-3218: Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can…
PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
73.47%
99.4th percentile
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| necta | wifi_mouse_server | — | — |
| necta_llc | wifi_mouse | 1.8.2.3 – 1.8.2.3 | — |
| necta_llc | wifi_mouse | 1.8.3.4 – 1.8.3.4 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Authentication for WiFi Mouse (Mouse Server) is implemented entirely client-side; any unauthenticated client connecting to the Mouse Server can bypass auth and send commands directly — monitor for unexpected inbound connections to the Mouse Server port from non-whitelisted hosts. ↗
- →Exploitation results in spawning cmd.exe under the context of the WiFi Mouse (Mouse Server) process — alert on cmd.exe or shell processes spawned as a child of the Mouse Server process. ↗
- →A public Metasploit module exists for this vulnerability (exploits/windows/misc/wifi_mouse_rce); presence of this module's traffic patterns or exploit attempts should be treated as active exploitation. ↗
- ·Exploitation has been confirmed against WiFi Mouse (Mouse Server) versions 1.8.3.4 and 1.8.2.3; detections should prioritize hosts running these specific versions. ↗
- ·The vulnerability is a client-side auth bypass (not a memory corruption or protocol flaw), meaning no exploit payload is required — any raw TCP/network client can abuse it, making network-layer detection based on malformed packets ineffective. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
golang-1.13, golang-1.16 vulnerabilities
osv·2024-01-09·CVSS 6.5
CVE-2022-29526 golang-1.13, golang-1.16 vulnerabilities
golang-1.13, golang-1.16 vulnerabilities
USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides
the corresponding updates for Go 1.13 and Go 1.16.
CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16.
Original advisory details:
It was discovered that the Go net/http module incorrectly handled
Transfer-Encoding headers in the HTTP/1 client. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-1705)
It was discovered that Go did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause a panic
resulting into a denial of service. (CVE-2022-1962, CVE-2022-27664,
CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632,
CVE-2022-30633, CVE-2022-30635, CVE-2022-3218
GHSA
GHSA-9ccj-j63p-ch9p: Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which
ghsa_unreviewed·2022-09-20
CVE-2022-3218 [CRITICAL] CWE-287 GHSA-9ccj-j63p-ch9p: Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.htmlhttps://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.pyhttps://github.com/rapid7/metasploit-framework/pull/16985https://www.exploit-db.com/exploits/49601https://www.exploit-db.com/exploits/50972http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.htmlhttps://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.pyhttps://github.com/rapid7/metasploit-framework/pull/16985https://www.exploit-db.com/exploits/49601https://www.exploit-db.com/exploits/50972
2022-09-19
Published