Gosh

**Name of the Vulnerable Software and Affected Versions** Mini Mouse version 9.3.0 **Description** The software contains a path traversal issue that allows attackers to access sensitive system directories. Attackers can retrieve file lists from system directories such as /usr, /etc, and /var by manipulating file path parameters in API requests to the device information endpoint `/device-info`. The vulnerable parameter is the file path parameter. **Recommendations** Apply any available updates to address the path traversal issue in version 9.3.0.

**Name of the Vulnerable Software and Affected Versions** Mini Mouse version 9.2.0 **Description** The software contains a path traversal flaw that enables remote attackers to access arbitrary system files and directories via specially crafted HTTP requests. Attackers can obtain sensitive files, such as `win.ini`, and list the contents of system directories, like C:UsersPublic, by manipulating file and path parameters. The vulnerability is triggered by manipulating the `file` and `path` parameters in HTTP requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mini Mouse version 9.2.0 **Description** The software contains a remote code execution issue that allows attackers to execute arbitrary commands. This is possible through an unauthenticated HTTP endpoint, specifically the `/op=command` endpoint. Attackers can send crafted JSON requests containing malicious script commands to download and execute payloads. The vulnerability does not require authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.