关联漏洞
标题:
N/A
(CVE-2025-26326)
描述:在NVDA(非视觉桌面访问)2024.4.1和2024.4.2版本的远程连接组件中发现了一个漏洞,该漏洞允许攻击者在猜出弱密码后获得远程系统的完全控制权。问题在于这些组件接受用户输入的任何密码,并且没有额外的身份验证或检查机制。测试表明,超过1,000个系统使用易于猜测的密码,许多密码长度小于4到6个字符,包括常见的字符序列。这使得恶意入侵者可以进行暴力破解或尝试错误攻击。漏洞可以通过远程攻击者来利用,该攻击者知道或可以猜测连接所使用的密码。结果,入侵者可以获得受影响系统的完全访问权限,并可以运行命令、修改文件和破坏用户安全。
描述
Critical security vulnerability in NVDA remote connection add-ons.
介绍
# CVE-2025-26326
Critical security vulnerability in NVDA remote connection add-ons.
# NVDA Remote Access Vulnerability Report
## Description
Critical security vulnerability in NVDA's remote connection add-ons.
## Vulnerability Details
**A vulnerability in the remote connection complements of NVDA (Nonvisual Desktop Access) was identified, allowing an attacker to obtain total control of the remote system by guessing a weak password.**
The problem occurs because the add-ons accept any password typed by the user and do not have an additional authentication or checking mechanism by the accessed computer.
Tests indicate that over 1,000 systems use easily guessable passwords, many with only 4 to 6 characters, including common sequences. This enables brute force or trial-and-error attacks by malicious actors.
A remote attacker who knows or can guess the connection password can gain complete access to the affected system, execute commands, modify files, and compromise user security.
## Additional Information
Nonvisual Desktop Access (NVDA) is a free, open-source, and portable screen reader for Microsoft Windows. The project was created in 2006 by Michael Curran.
## Vulnerability Type
- Incorrect Access Control
## Vendor of Product
- [nvaccess.org](https://www.nvaccess.org)
## Affected Product Code Base
- NVDA, versions 2024.4.2, 2024.4.1 - **All versions affected, no fix available**
## Affected Components
- NVDA Add-on
- nvda.exe
## Attack Type
- Remote
## Impact
- **Code Execution:** True
- **Escalation of Privileges:** True
- **Information Disclosure:** True
## Attack Vectors
1. Install NVDA on the target machine.
2. Open the NVDA Add-ons Store by pressing `Insert + N` and navigating to `Tools > Add-ons Store`.
3. In the store, locate and install an add-on such as **"NVDA Remote"** or **"Tele NVDA Remote"**.
4. Go to `Insert + N > Tools > Remote > Connect > Control another computer`.
5. Enter a remote address (e.g., `nvdaremote.com`, `telenvda remote`, or `nvdaremote.es`) and input any password between **1 to 6 characters long**, preferably an easily guessable one (e.g., "1234").
6. Click **OK** to initiate a connection to the target machine.
7. Once the connection is established, press **F11** to gain complete control over the target computer.
8. **Note:** The target user must have enabled the **"Control my computer"** option under `Tools > Remote > Control my computer` for the attack to succeed.
## Reference
- [NV Access](https://www.nvaccess.org)
## Discoverer
- **Juan Mathews Rebello Santos**
- [LinkedIn](https://linkedin.com/in/juan-mathews-rebello-santos-)
- [GitHub](https://github.com/azurejoga/)
文件快照
[4.0K] /data/pocs/dbbc27c80d797e790b6188d3ac2efe3cc85b478d
└── [2.6K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。