6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS
As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction.
The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration."
Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine.
CVE-2021-27572: An authentication bypass via packet replay, allowing remote unauthenticated users to execute arbitrary code via crafted UDP packets even when passwords are set.
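To illustrate the capture-replay class behind CVE-2021-27572, the following added example (not Remote Mouse's protocol or code, and not taken from the researcher's write-up) compares a receiver that checks only a static password-derived tag with one that authenticates a per-message counter. The datagram framing, key, command strings and all function names are assumptions constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed shared secret; a real deployment would use a proper KDF or key exchange.
KEY = hashlib.sha256(b"constructed-demo-password").digest()

def weak_pack(command: bytes) -> bytes:
    """Weak framing: the same password-derived tag in front of every command."""
    return hashlib.sha256(KEY).digest() + command

def weak_accept(datagram: bytes) -> bool:
    """Checks only the static tag, so a captured datagram verifies every time."""
    return hmac.compare_digest(datagram[:32], hashlib.sha256(KEY).digest())

def pack(counter: int, command: bytes) -> bytes:
    """Hardened framing: 8-byte counter | command | HMAC-SHA256(counter | command)."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

class Receiver:
    """Accepts each authenticated counter value at most once, in increasing order."""

    def __init__(self) -> None:
        self.last_counter = 0

    def accept(self, datagram: bytes) -> bool:
        if len(datagram) < 8 + 32:
            return False  # too short to hold a counter and a tag
        body, tag = datagram[:-32], datagram[-32:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified in transit
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return False  # replayed or stale datagram
        self.last_counter = counter
        return True

def demo() -> list:
    """Send one captured datagram twice through each receiver, then a fresh one."""
    weak, rx, good = weak_pack(b"KEY:a"), Receiver(), pack(1, b"KEY:a")
    return [weak_accept(weak), weak_accept(weak),
            rx.accept(good), rx.accept(good), rx.accept(pack(2, b"KEY:b"))]
```

The counter only stops replay of authenticated traffic; it does nothing for confidentiality, which would still need encryption of the datagram body.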
Persinger said he reported the flaws to Remote Mouse on Feb. 6, 2021, but noted he "never received a response from the vendor," forcing him to publicly reveal the bugs following the 90-day disclosure deadline.
We have reached out to the developers of Remote Mouse, and we will update the story if we hear back.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-07 | CVE-2021-27572 | Authentication Bypass by Capture-replay vulnerability in Remotemouse Emote Remote Mouse. An issue was discovered in Emote Remote Mouse through 4.0.0.0. | 8.1 |