- peyara
- rce
- websocket
- windows
- remote-access
news
Peyara Remote Mouse 1.0.1 Unauthenticated RCE
WebSocket keyboard simulation on port 1313 chains to arbitrary commands; indexed PoCs include Python and LNK upload variants.
Summary
Peyara Remote Mouse v1.0.1 (peyara-remote-mouse.vercel.app) is an open-source Wi-Fi mouse/keyboard server for Windows/macOS/Linux with unauthenticated remote code execution via the WebSocket command interface on port 1313. PoCs (capture0x/Peyara, capture0x/Peyara-FileUpload) and Rapid7's Metasploit module exploit/windows/misc/peyara_remote_mouse_rce demonstrate command execution without authentication.
Upstream desktop client: ayonshafiul/peyara-mouse-client. v1.0.1 is the vulnerable desktop line called out in public exploits (current site also lists v2.0.4 — verify version separately).
Key Findings
| Finding | Detail |
|---|---|
| Affected version (indexed) | Peyara Remote Mouse v1.0.1 (Windows) |
| Surface | WebSocket keyboard events + HTTP :1313/upload |
| Auth | None on command channel |
| PoC paths | Keyboard chaining to cmd/powershell; malicious LNK upload + execution |
| Attacker position | LAN or exposed 1313/tcp |
Attack Chain
Connect ws://target:1313
↓
Send crafted keyboard event sequence (Win+R, cmd, commands…)
↓
Arbitrary command execution as desktop user
Alternate: POST /upload evil.lnk → trigger execution via keyboard automation
Impact
Full workstation compromise for users running the vulnerable server on reachable networks — common in home-lab and convenience-remote-desktop scenarios.
Mitigation
- Upgrade to a patched Peyara release if available; otherwise stop exposing port 1313 to untrusted networks.
- Firewall block 1313/tcp from non-management VLANs.
- Inventory for Peyara/Remote Mouse listeners in enterprise egress and LAN scans.