Associated Vulnerability
Title:NVDA 安全漏洞 (CVE-2025-26326)Description:NVDA(Nonvisual Desktop Access)是NV Access开源的一个非视觉桌面访问系统。 NVDA 2024.4.1版本和2024.4.2版本存在安全漏洞,该漏洞源于远程连接组件接受弱密码,可能导致系统被完全控制。
Description
Critical security vulnerability in NVDA remote connection add-ons.
Readme
# CVE-2025-26326
Critical security vulnerability in NVDA remote connection add-ons.
# NVDA Remote Access Vulnerability Report
## Description
Critical security vulnerability in NVDA's remote connection add-ons.
## Vulnerability Details
**A vulnerability in the remote connection complements of NVDA (Nonvisual Desktop Access) was identified, allowing an attacker to obtain total control of the remote system by guessing a weak password.**
The problem occurs because the add-ons accept any password typed by the user and do not have an additional authentication or checking mechanism by the accessed computer.
Tests indicate that over 1,000 systems use easily guessable passwords, many with only 4 to 6 characters, including common sequences. This enables brute force or trial-and-error attacks by malicious actors.
A remote attacker who knows or can guess the connection password can gain complete access to the affected system, execute commands, modify files, and compromise user security.
## Additional Information
Nonvisual Desktop Access (NVDA) is a free, open-source, and portable screen reader for Microsoft Windows. The project was created in 2006 by Michael Curran.
## Vulnerability Type
- Incorrect Access Control
## Vendor of Product
- [nvaccess.org](https://www.nvaccess.org)
## Affected Product Code Base
- NVDA, versions 2024.4.2, 2024.4.1 - **All versions affected, no fix available**
## Affected Components
- NVDA Add-on
- nvda.exe
## Attack Type
- Remote
## Impact
- **Code Execution:** True
- **Escalation of Privileges:** True
- **Information Disclosure:** True
## Attack Vectors
1. Install NVDA on the target machine.
2. Open the NVDA Add-ons Store by pressing `Insert + N` and navigating to `Tools > Add-ons Store`.
3. In the store, locate and install an add-on such as **"NVDA Remote"** or **"Tele NVDA Remote"**.
4. Go to `Insert + N > Tools > Remote > Connect > Control another computer`.
5. Enter a remote address (e.g., `nvdaremote.com`, `telenvda remote`, or `nvdaremote.es`) and input any password between **1 to 6 characters long**, preferably an easily guessable one (e.g., "1234").
6. Click **OK** to initiate a connection to the target machine.
7. Once the connection is established, press **F11** to gain complete control over the target computer.
8. **Note:** The target user must have enabled the **"Control my computer"** option under `Tools > Remote > Control my computer` for the attack to succeed.
## Reference
- [NV Access](https://www.nvaccess.org)
## Discoverer
- **Juan Mathews Rebello Santos**
- [LinkedIn](https://linkedin.com/in/juan-mathews-rebello-santos-)
- [GitHub](https://github.com/azurejoga/)
File Snapshot
[4.0K] /data/pocs/dbbc27c80d797e790b6188d3ac2efe3cc85b478d
└── [2.6K] README.md
0 directories, 1 file
Remarks
1. It is advised to access via the original source first.
2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.