CVE-2022-3218

CRITICAL

WiFi Mouse - RCE

Title source: llm

Description

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.

Exploits (4)

exploitdb WORKING POC VERIFIED

by RedHatAugust · pythonremotewindows

https://www.exploit-db.com/exploits/50972

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by H4rk3nz0 · pythonremotewindows

https://www.exploit-db.com/exploits/49601

View Code ZIP pw:eip

nomisec WORKING POC

by MoisesTapia · poc

https://github.com/MoisesTapia/cve-2022-3218

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by h00die, REDHATAUGUST, H4RK3NZ0 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/wifi_mouse_rce.rb

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/168509/WiFi-Mouse-1.8.3.4-Remote-Code-Execution.html

[Exploit, Third Party Advisory] https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/wifi%20mouse/wifi-mouse-server-rce.py

[Patch, Third Party Advisory] https://github.com/rapid7/metasploit-framework/pull/16985

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49601

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50972

Scores

CVSS v3 9.8

EPSS 0.8462

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-603 CWE-287

Status published

Products (1)

necta/wifi_mouse_server 1.7.8.5

Published Sep 19, 2022

Tracked Since Feb 18, 2026