Another RCE vulnerability in KensingtonWorks

guest · Sep 30, 2020

It's 2020 so not only is your mouse config tool a Node.JS Electron app, it's also pwnable by an evil webpage
Malicious JavaScript can inject commands to execute
September 30, 2020
https://www.theregister.com/2020/09/30/kensingtonworks_mouse_flaw/

Earlier this year, peripheral maker Kensington patched its desktop software to close a vulnerability that could have been exploited by malicious websites to quietly hijack victims' computers.

Now the programmer who found this remote-code-execution hole, and reported it to the manufacturer, has identified a similarly serious flaw that's yet to be addressed.
He suggested these flaws would be fairly easy to exploit.
Click to expand...

KensingtonWorks, which debuted in January, is an app for customizing the functions of peripherals like Kensington trackballs and mice. It’s based on the Electron framework, which allows developers to create cross-platform desktop apps using JavaScript, Node.js, and other web technologies.

“I don’t think the root cause is anything to do with Electron,” he told The Register. “The problem is running a local web server and not securing it – the fact that the app has an Electron frontend doesn’t affect this. [...]”
These shoddy design choices make KensingtonWorks an easy target, he argued in his post.
Click to expand...

Another RCE vulnerability in KensingtonWorks

A few months ago I published a remote code execution (RCE) vulnerability in KensingtonWorks. KensingtonWorks is a tool made by a company called Kensington for adding power-user features to mice. Kensington fixed this flaw, but I’ve found another RCE that, as of time of publishing, remains unpatched.
Like the previous vulnerability I reported, an attacker exploits this one by luring a victim to a malicious webpage.

In this post we’ll look at how the second vulnerability works, and see the ways in which it’s a direct consequence of Kensington’s inadequate fix to the first.
Click to expand...

Log in or Sign up

Another RCE vulnerability in KensingtonWorks

guest Guest

Log in or Sign up

Another RCE vulnerability in KensingtonWorks

guest Guest

Useful Searches