vendor:
Prowise Reflect
by:
Rik Lutz
N/A
CVSS
HIGH
Remote Keystroke Injection
94
CWE
Product Name: Prowise Reflect
Affected Version From: V1.0.9
Affected Version To: V1.0.9
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 10
2022
Prowise Reflect v1.0.9 – Remote Keystroke Injection
Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection. The exploit works either over the network (when port 8082 is exposed) or by visiting a malicious website. The exploit allows the attacker to inject keystrokes into the target system. The provided Proof of Concept (POC) contains a malicious webpage that demonstrates the exploit.
Mitigation:
The vendor should release a patch to fix this vulnerability. In the meantime, users are advised to ensure that port 8082 is not exposed to the internet and to be cautious when visiting unknown websites.