CVE-2022-24644

HIGH

ZZ Inc. KeyMouse <3.08 - RCE

Title source: llm

Description

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.

Exploits (2)

nomisec WORKING POC 1 stars

by gar-re · poc

https://github.com/gar-re/cve-2022-24644

View Code ZIP pw:eip

nomisec WORKING POC

by ThanhThuy2908 · poc

https://github.com/ThanhThuy2908/ATHDH_CVE_2022_24644

View Code ZIP pw:eip

References (2)

[Product, Vendor Advisory] http://keymouse.com

[Exploit, Third Party Advisory] https://github.com/gerr-re/cve-2022-24644/blob/main/cve-2022-24644_public-advisory.pdf

Scores

CVSS v3 8.8

EPSS 0.1084

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (3)

zzinc/keymouse_firmware 2.02

zzinc/keymouse_firmware 3.05

zzinc/keymouse_firmware 3.08

Published Mar 10, 2022

Tracked Since Feb 18, 2026