Ultravnc · Ultravnc Repeater · CVE-2016-5673
**Name of the Vulnerable Software and Affected Versions**
UltraVNC Repeater versions prior to 1300
**Description**
The issue allows remote attackers to obtain open-proxy functionality. This is achieved by using a :: substring in between the IP address and port number, as the software does not restrict destination IP addresses or TCP ports.
**Recommendations**
For versions prior to 1300, restrict destination IP addresses and TCP ports to prevent open-proxy functionality. As a temporary workaround, consider restricting access to the repeater functionality until a patch is available.