CVE-2022-4978

Name of the Vulnerable Software and Affected Versions Remote Control Server versions 3.1.1.12

Description Remote Control Server, maintained by Steppschuh, allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.