CVE-2022-25227

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.
References
Link Resource
https://fluidattacks.com/advisories/clapton/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cybelesoft:thinfinity_vnc:4.0.0.1:*:*:*:*:*:*:*

Information

Published : 2022-05-20 12:15

Updated : 2022-06-01 03:11


NVD link : CVE-2022-25227

Mitre link : CVE-2022-25227

Products Affected
No products.
CWE