CVE-2022-3365

CVE-2022-3365: Emote Interactive Remote Mouse Server command injection due to weak encoding

Vendor Emote Interactive
Product Remote Mouse Server
Weakness CWE-327 · Broken crypto
Published January 28, 2025
Last update January 28, 2025

CVSS base score

What the vulnerability does

01Description

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.

Key dates

02Disclosure timeline

January 28, 2025 CVE published
January 28, 2025 Record updated