6 Unfixed Vulnerabilities Identified in Remote Mouse Applications!

6 Unfixed Vulnerabilities Identified in Remote Mouse Applications!

On Wednesday, the security researcher finds out 6 unpatched flaws in remote mouse applications and they collectively named it Mouse Trap. These six zero-days vulnerabilities were discovered in the application identified as Remote Mouse and it will permit the attacks while executing the code without the user consent.

The expert also says that it is very clear that this application is very critical and it will put the user at risk while having a bad authentication process and lack of encryption is also founded with the poor default configuration.

6 Unfixed Vulnerabilities Identified in Remote Mouse Applications worked in iOS and Android!

Remote Mouse application is used in Android and iOS devices it will convert the mobile phone and tablets into a wireless mouse, trackpad, and keyboard for the systems. The application also provides the feature of voice typing, adjusting computer volumes, and switching between the applications that were configured in server runs on the machine.

However, this application is installed by 10 million users and the flaws identified are very critical. The experts say that the packets transmitted from the Android Application to Windows may permit the attacks to get the user’s data and hashed passwords. It will also render the suspect to a rainbow table0 and replay the commands that were sent to the device.

These 6 vulnerabilities discovered are listed as follow;

  • CVE-2021-27569: It will maximize or minimize the windows running process by transmitting the process name as the crafted packet.
  • CVE-2021-27570: It will close the running process by sending the process named in form of a specially crafted packet.
  • CVE-2021-27571: It will retrieve the recent used and running application and their file paths and icons.
  • CVE-2021-27572: It will overlap the authentication using packed replay and authorize the remote attacks to execute the arbitrary code that was crafted using the UDP packets even the device is password protected.
  • CVE-2021-27573: It will simply run the arbitrary code using the crafted UDP packets having no prior authentication or authorization.
  • CVE-2021-27574: It will carry out the software supply-chain-attack by misusing the cleartext HTTP to examine and request further updates while resulting in the scenario where the users may download the binary that was placed in the real update.

As per the investigation, the experts also said that reported bugs in the application Remote Mouse on the 6th of February 2021 and they notified the developers too but nothing comes from their end. 

Leave a Reply