Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Link | Resource |
---|---|
https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/ | Third Party Advisory |
Configurations
History
05 Dec 2022, 18:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Lazy Mouse Project lazy Mouse
Lazy Mouse Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://www.synopsys.com/blogs/software-security/cyrc-advisory-remote-code-execution-vulnerabilities-mouse-keyboard-apps/ - Third Party Advisory | |
CPE | cpe:2.3:a:lazy_mouse_project:lazy_mouse:*:*:*:*:*:*:*:* | |
CWE | CWE-521 |
02 Dec 2022, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-02 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45482
Mitre link : CVE-2022-45482
CVE.ORG link : CVE-2022-45482
JSON object : View
Products Affected
lazy_mouse_project
- lazy_mouse
CWE
CWE-521
Weak Password Requirements