What the vulnerability does

01Description

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Key dates

02Disclosure timeline

December 2, 2022 CVE published
April 24, 2025 Record updated