CVE-2023-31902
Published: 17 May 2023
Summary
CVE-2023-31902 is a critical-severity vulnerability, with no specific weakness type assigned, in Mobilemouse Mobile Mouse. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 1.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
RPA Technology Mobile Mouse version 3.6.0.4 is affected by a remote code execution vulnerability. The flaw resides in the application's network-exposed remote control functionality and carries a CVSS 3.1 score of 9.8, reflecting network attack vector, low attack complexity, and no required authentication or user interaction.
An unauthenticated remote attacker can send specially crafted input to the service and achieve arbitrary code execution on the host, resulting in complete compromise of the confidentiality, integrity, and availability of the system.
Public exploit code has been published on Exploit-DB, and the vulnerability maintains a high EPSS score with a recorded peak of 0.7252 and current value of 0.6650. No vendor advisory or patch information appears among the referenced sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36191
Vulnerability details
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.