
Jun 29, 2026

Sploitus

  • peyara
  • rce
  • websocket
  • windows
  • remote-access

news

Peyara Remote Mouse 1.0.1 Unauthenticated RCE

WebSocket keyboard simulation on port 1313 chains to arbitrary commands; indexed PoCs include Python and LNK upload variants.

Summary

Peyara Remote Mouse v1.0.1 (peyara-remote-mouse.vercel.app) is an open-source Wi-Fi mouse/keyboard server for Windows/macOS/Linux. Its WebSocket command interface on port 1313 allows unauthenticated remote code execution. PoCs (capture0x/Peyara, capture0x/Peyara-FileUpload) and Rapid7's Metasploit module exploit/windows/misc/peyara_remote_mouse_rce demonstrate command execution without authentication.

Upstream desktop client: ayonshafiul/peyara-mouse-client. v1.0.1 is the vulnerable desktop line called out in public exploits (current site also lists v2.0.4 — verify version separately).

Key Findings

| Finding | Detail |
| --- | --- |
| Affected version (indexed) | Peyara Remote Mouse v1.0.1 (Windows) |
| Surface | WebSocket keyboard events + HTTP :1313/upload |
| Auth | None on command channel |
| PoC paths | Keyboard chaining to cmd/powershell; malicious LNK upload + execution |
| Attacker position | LAN or exposed 1313/tcp |

Attack Chain

Connect ws://target:1313
        ↓
Send crafted keyboard event sequence (Win+R, cmd, commands…)
        ↓
Arbitrary command execution as desktop user
Alternate: POST /upload evil.lnk → trigger execution via keyboard automation

Impact

Full workstation compromise for users running the vulnerable server on reachable networks — common in home-lab and convenience-remote-desktop scenarios.

Mitigation

  1. Upgrade to a patched Peyara release if available; otherwise stop exposing port 1313 to untrusted networks.
  2. Block 1313/tcp at the firewall from non-management VLANs.
  3. Inventory Peyara/Remote Mouse listeners through enterprise egress and LAN scans.
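
For mitigation step 3, one way to triage listener data collected from Windows hosts, as an added example that is not from the original page or the Peyara project: it parses `netstat -ano` output (English-locale column layout assumed) and reports listeners on 1313/tcp along with whether they are bound beyond loopback. The sample text, PIDs and function names are constructed for illustration.

```python
import ipaddress

PEYARA_PORT = 1313  # port named on this page

# Constructed sample in the style of Windows `netstat -ano -p tcp` (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:1313           0.0.0.0:0              LISTENING       7312
  TCP    127.0.0.1:1313         0.0.0.0:0              LISTENING       9120
  TCP    192.168.1.23:1313      192.168.1.77:50122     ESTABLISHED     7312
  TCP    [::]:1313              [::]:0                 LISTENING       7312
  TCP    10.0.0.5:13130         0.0.0.0:0              LISTENING       4100
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def exposure(addr):
    # Loopback binds are not reachable from the LAN; 0.0.0.0 / :: bind everywhere.
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:
        return "all-interfaces"
    return "single-interface"

def find_listeners(netstat_text, port=PEYARA_PORT):
    """Return one record per TCP socket in LISTENING state on `port`."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or non-listening connection
        try:
            addr, local_port = split_endpoint(fields[1])
            pid = int(fields[4])
        except ValueError:
            continue  # malformed line
        if local_port == port:  # exact match, so 13130 is not confused with 1313
            findings.append({"address": str(addr), "pid": pid,
                             "exposure": exposure(addr)})
    return findings

def reachable_from_network(findings):
    """Keep only listeners bound to something other than loopback."""
    return [f for f in findings if f["exposure"] != "loopback-only"]

if __name__ == "__main__":
    for finding in reachable_from_network(find_listeners(SAMPLE_NETSTAT)):
        print(finding)
```

The PID in each record can be matched against the host's process list to confirm the listener is the Peyara server before acting on it.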
