#VU22352 Embedded malicious code (backdoor) in js-rha3
Published: October 29, 2019
Vulnerability identifier: #VU22352
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
js-rha3
js-rha3
Software vendor:
Andre Eleuterio
Andre Eleuterio
Description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that was designed to target the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..