CVE-2022-3365 Information

Description

Due to reliance on a trivial substitution cipher sent in cleartext and the reliance on a default password when the user does not set a password the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct’s custom control protocol. A Metasploit module was written and tested against version 4.110 the current version when this CVE was reserved.

Reference

https://github.com/rapid7/metasploit-framework/pull/17067