Security News > 2021 > May > 6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS
2021-05-07 06:20

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction.

The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration."

Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine.

CVE-2021-27572: An authentication bypass via packet replay, allowing remote unauthenticated users to execute arbitrary code via crafted UDP packets even when passwords are set.

Persinger said he reported the flaws to Remote Mouse on Feb. 6, 2021, but noted he "Never received a response from the vendor," forcing him to publicly reveal the bugs following the 90-day disclosure deadline.

We have reached out to the developers of Remote Mouse, and we will update the story if we hear back.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/DOflbA-Fhrw/6-unpatched-flaws-disclosed-in-remote.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-05-07 CVE-2021-27572 Authentication Bypass by Capture-replay vulnerability in Remotemouse Emote Remote Mouse
An issue was discovered in Emote Remote Mouse through 4.0.0.0.
network
high complexity
remotemouse CWE-294
8.1