CVE-2022-3218

CRITICAL

Necta WiFi Mouse Server - Remote Code Execution via Client-Side Authentication Bypass

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2022-3218. PoCs published by RedHatAugust, H4rk3nz0, MoisesTapia, including Metasploit module exploits/windows/misc/wifi_mouse_rce.

AI-analyzed exploit summary This exploit targets WiFi Mouse 1.7.8.5 by sending crafted packets to execute commands via the desktop server software. It leverages the PIN input mechanism to bypass restrictions and execute arbitrary commands, including downloading and running a payload.

Description

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.

Exploits (4)

exploitdb WORKING POC VERIFIED

by RedHatAugust · pythonremotewindows

https://www.exploit-db.com/exploits/50972

View Code ZIP pw:eip

This exploit targets WiFi Mouse 1.7.8.5 by sending crafted packets to execute commands via the desktop server software. It leverages the PIN input mechanism to bypass restrictions and execute arbitrary commands, including downloading and running a payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WiFi Mouse 1.7.8.5

No auth needed

Prerequisites: Network access to the target on port 1978 · A local HTTP server hosting the payload

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by H4rk3nz0 · pythonremotewindows

https://www.exploit-db.com/exploits/49601

View Code ZIP pw:eip

This exploit targets WiFi Mouse 1.7.8.5 by leveraging a PIN bypass vulnerability to achieve remote code execution. It sends crafted packets to open a command prompt and execute arbitrary commands via certutil to fetch and run a payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WiFi Mouse 1.7.8.5

No auth needed

Prerequisites: Network access to target on port 1978 · HTTP server hosting the payload

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by MoisesTapia · poc

https://github.com/MoisesTapia/cve-2022-3218

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2022-3218, which leverages a command injection vulnerability to execute arbitrary commands on a target system. The exploit uses a hex-encoded communication protocol to interact with the target and downloads a payload via certutil.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unknown (likely a specific network service listening on port 1978)

No auth needed

Prerequisites: Network access to the target on port 1978 · HTTP server to host the payload · msfvenom or similar tool to generate the payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 19, 2026 Full analysis →

metasploit WORKING POC NORMAL

by h00die, REDHATAUGUST, H4RK3NZ0 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/wifi_mouse_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass in WiFi Mouse Server (CVE-2022-3218) to achieve remote code execution by opening cmd.exe and injecting commands via the server's input simulation functionality.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WiFi Mouse Server (Necta LLC) versions 1.8.3.4 and 1.8.2.3

No auth needed

Prerequisites: Network access to TCP port 1978 on the target

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1021.001 - Remote Desktop Protocol

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/rapid7/metasploit-framework/pull/16985

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50972

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/49601

Exploit, Third Party Advisory x_refsource_misc

https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.py

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.html

Scores

CVSS v3 9.8

EPSS 0.7348

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-603 CWE-287

Status published

Products (1)

necta/wifi_mouse_server 1.7.8.5

Published Sep 19, 2022

Tracked Since Feb 18, 2026