CVE-2022-3365

Name of the Vulnerable Software and Affected Versions Remote Mouse Server by Emote Interactive version 4.110

Description The issue arises due to the product's reliance on a trivial substitution cipher sent in cleartext and its use of a default password when no password is set by the user. This allows attackers to inject OS commands over the product's custom control protocol.

Recommendations Remote Mouse Server by Emote Interactive version 4.110: Update the software to a version that does not rely on trivial substitution ciphers and default passwords, or set a strong custom password to mitigate the risk. As a temporary workaround, consider restricting access to the custom control protocol until a patch is available.