CVE-2022-45482

Summary

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Software

VendorProductVersion RangeStatus
thisAAYLazy Mouse<= 2.0.1affected

Weaknesses

  • CWE-521: CWE-521: Weak Password Requirements

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References