PT-2026-23459 · Rustdesk · Rustdesk Client
Erez Kalman · Published 2026-03-05 · Updated 2026-03-05 · CVE-2026-30794
CVSS v4.0: 9.1 (Critical)
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
RustDesk Client versions through 1.4.5
Description
An improper certificate validation issue exists in the RustDesk Client, potentially allowing an Adversary-in-the-Middle (AiTM) attack. The issue is related to the handling of TLS retries and the use of danger_accept_invalid_certs(true) within the http_client.rs file. This affects the HTTP API client and TLS transport modules on Windows, macOS, Linux, iOS, and Android.
Recommendations
Update RustDesk Client to a version later than 1.4.5.
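A source audit for the setting named in the description, as an added example that is not RustDesk's code or part of the original advisory: it flags calls to reqwest's danger_accept_invalid_certs and danger_accept_invalid_hostnames, separating a literal true from a runtime argument such as a retry flag. The SAMPLE text, the function names in it and the Finding type are constructed for illustration.

```rust
// Added example: audit Rust source text for reqwest certificate-validation overrides.
// SAMPLE is constructed for this example; it is not RustDesk code.
const SAMPLE: &str = r#"
fn client(retry_insecure: bool) -> reqwest::Client {
    reqwest::Client::builder()
        .danger_accept_invalid_certs(retry_insecure)
        .build().unwrap()
}
fn fallback() -> reqwest::Client {
    // .danger_accept_invalid_certs(true) was here
    reqwest::Client::builder().danger_accept_invalid_certs(true).build().unwrap()
}
fn strict() -> reqwest::Client {
    reqwest::Client::builder().danger_accept_invalid_certs(false).build().unwrap()
}
"#;

#[derive(Debug, PartialEq)]
enum Finding {
    AlwaysDisabled, // literal `true`: validation is off for every connection
    Conditional,    // non-literal argument: validation can be switched off at runtime
}

const CALLS: [&str; 2] = ["danger_accept_invalid_certs", "danger_accept_invalid_hostnames"];

/// Returns (1-based line, call name, finding) for each override found in `src`.
/// Line-based heuristic: text after `//` is ignored, arguments are read on one line.
fn audit(src: &str) -> Vec<(usize, &'static str, Finding)> {
    let mut out = Vec::new();
    for (idx, raw) in src.lines().enumerate() {
        let code = raw.split("//").next().unwrap_or("");
        for name in CALLS {
            let mut rest = code;
            while let Some(pos) = rest.find(name) {
                rest = &rest[pos + name.len()..];
                if let Some(args) = rest.trim_start().strip_prefix('(') {
                    match args.split(')').next().unwrap_or("").trim() {
                        "false" => {} // validation stays on
                        "true" => out.push((idx + 1, name, Finding::AlwaysDisabled)),
                        _ => out.push((idx + 1, name, Finding::Conditional)),
                    }
                }
            }
        }
    }
    out
}

fn main() { for f in audit(SAMPLE) { println!("{:?}", f); } }
```

A Conditional finding needs manual review of what sets the argument, since a flag that is raised after a failed handshake has the same effect as a literal true for anyone who can force that failure.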
Weakness Enumeration
Improper Certificate Validation
Affected products
Rustdesk Client