CVE-2022-45477

CRITICAL

telepad < 1.0.7 - Unauthenticated Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-45477. PoCs published by M507.

AI-analyzed exploit summary This repository contains a README referencing multiple CVEs related to remote code execution vulnerabilities in mouse and keyboard applications. It provides a link to the Synopsys CyRC advisory but does not include exploit code or scripts.

Description

Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploits (1)

nomisec WRITEUP 16 stars

by M507 · poc

https://github.com/M507/nmap-vulnerability-scan-scripts

View Code ZIP pw:eip

This repository contains a README referencing multiple CVEs related to remote code execution vulnerabilities in mouse and keyboard applications. It provides a link to the Synopsys CyRC advisory but does not include exploit code or scripts.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Theoretical

Reliability

Theoretical

Target: Mouse and keyboard applications (specific versions not listed)

No auth needed

Prerequisites: None specified

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/

Scores

CVSS v3 9.8

EPSS 0.0222

EPSS Percentile 80.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

telepad-app/telepad < 1.0.7

Published Dec 05, 2022

Tracked Since Feb 18, 2026