CVE-2023-31902

CRITICAL

RPA Technology Mobile Mouse 3.6.0.4 - RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-31902. PoCs published by Chokri Hammedi, h00die, CHOKRI HAMMEDI, including Metasploit module exploits/windows/misc/mobile_mouse_rce.

AI-analyzed exploit summary This exploit demonstrates a Remote Code Execution (RCE) vulnerability in Mobile Mouse 3.6.0.4 by sending crafted network packets to trigger arbitrary command execution via a file download and execution sequence.

Description

RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).

Exploits (2)

exploitdb WORKING POC

by Chokri Hammedi · pythonremotewindows

https://www.exploit-db.com/exploits/51010

View Code ZIP pw:eip

This exploit demonstrates a Remote Code Execution (RCE) vulnerability in Mobile Mouse 3.6.0.4 by sending crafted network packets to trigger arbitrary command execution via a file download and execution sequence.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mobile Mouse 3.6.0.4

No auth needed

Prerequisites: Network access to the target · Target running Mobile Mouse 3.6.0.4 · Attacker-controlled server to host payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC NORMAL

by h00die, CHOKRI HAMMEDI · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/mobile_mouse_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2023-31902 in Mobile Mouse Server by RPA Technologies, Inc., allowing remote code execution on unprotected servers (default configuration without a password). It leverages the server's protocol to deploy and execute a payload via a staged approach using certutil.exe.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mobile Mouse Server by RPA Technologies, Inc. (tested on 3.6.0.4)

No auth needed

Prerequisites: Target server running Mobile Mouse Server without a password · Network access to the target on port 9099

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/51010

Third Party Advisory

https://www.redpacketsecurity.com/mobile-mouse-code-execution/

Scores

CVSS v3 9.8

EPSS 0.0868

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

Status published

Products (1)

mobilemouse/mobile_mouse 3.6.0.4

Published May 17, 2023

Tracked Since Feb 18, 2026