CRITICAL🇵🇱 Wersja polska

CVE-2022-3365

CVSS 9.8v3.1pub. 2025-01-28upd. 2026-04-15

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.

🤖 AI Analysis
How it works

The application bases communication on a custom control protocol in which data is secured only by a trivial substitution cipher (CWE-327 – use of weak cryptographic algorithm), and the entire transmission is in plain text. When a user does not set their own password, the server uses a default, publicly known password. An attacker can construct an appropriate payload and inject it into the control protocol, causing arbitrary system commands to be executed on the machine running the server. A Metasploit module was developed and tested for this vulnerability.

Impact

An attacker without any privileges and without user interaction can remotely execute arbitrary operating system commands on a device running Remote Mouse Server, resulting in complete loss of confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. As temporary remedial measures, it is recommended to set a strong password in the server configuration, restrict network access to the Remote Mouse Server service (firewall, network segmentation), and disable the server if it is not actively in use.

Who is affected

Remote Mouse Server by Emote Interactive – confirmed for version 4.110 (current at the time of CVE disclosure); earlier versions may also be vulnerable

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References