Skip to content
/ MouseTrap Public

MouseTrap is a suite of vulernabilities/exploit that targets the RemoteMouse application and server.

License

MIT license
19 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CuckooEXE/MouseTrap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
analysis
analysis
 
 
imgs
imgs
 
 
mitm
mitm
 
 
scanning
scanning
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mousetrap.py
mousetrap.py
 
 

Repository files navigation

MouseTrap

MouseTrap is a suite of vulernabilities/exploit that targets the RemoteMouse application and server. As of release date 05/06/2021, the vulnerabilities have not been patched.

MouseTrap

Vulnerabilities

It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration. With 10,000,000+ downloads on the Android App Store alone, there are a lot of oblivious users who could be completely owned without ever realizing. Here are the vulnerabilities/weaknesses documented:

  • CVE-2021-27569: An issue was discovered in Emote Remote Mouse through 3.015. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic.
  • CVE-2021-27570: An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic.
  • CVE-2021-27571: An issue was discovered in Emote Remote Mouse through 3.015. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.
  • CVE-2021-27572: An issue was discovered in Emote Remote Mouse through 3.015. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.
  • CVE-2021-27573: An issue was discovered in Emote Remote Mouse through 3.015. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.
  • CVE-2021-27574: An issue was discovered in Emote Remote Mouse through 3.015. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.

Writeup

Please refer to my blog for the full writeup.

Special Thanks

Special thanks to Matt Matteis for reviewing this report and guiding me through the disclosure process.

Another special thanks to Kieran London, without him I would have never figured out a bug in my mapping of the targets in the Analysis section.

About

MouseTrap is a suite of vulernabilities/exploit that targets the RemoteMouse application and server.

Resources

Readme

License

MIT license
Activity

Stars

19 stars

Watchers

4 watching

Forks

3 forks
Report repository

Languages