H4Rk3Nz0

**Name of the Vulnerable Software and Affected Versions** Unified Remote version 3.9.0.2463 **Description** The software contains a remote code execution issue that allows attackers to execute arbitrary commands. An attacker can exploit the service by connecting to port `9512` and sending specially crafted network packets. This allows the attacker to open a command prompt and download and execute malicious payloads. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Remote Control Server versions 3.1.1.12 **Description** Remote Control Server, maintained by Steppschuh, allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unified Remote version 3.13.0 **Description** The issue allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the "Remote upload endpoint". **Recommendations** For Unified Remote version 3.13.0, consider disabling the Remote upload endpoint until a patch is available to prevent the execution of arbitrary Lua code.

**Name of the Vulnerable Software and Affected Versions** Unified Remote (affected versions not specified) **Description** The web management interface for Unified Intents' Unified Remote solution does not require authentication, allowing a remote, unauthenticated attacker to change or disable authentication requirements for the Unified Remote protocol. This can be leveraged to run code of the attacker's choosing. The issue is related to an incorrect authorization procedure in the web management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WiFi Mouse (Mouse Server) from Necta LLC (affected versions not specified) **Description** The issue arises due to the WiFi Mouse (Mouse Server)'s reliance on client-side authentication, which allows its authentication mechanism to be easily bypassed. This bypass can lead to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.