CVE-2022-4978 Information

Description

Remote Control Server, maintained by Steppschuh, version 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Reference

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/remote_control_collection_rce.rb
https://remote-control-collection.com/
https://www.vulncheck.com/advisories/steppschuh-remote-control-server-unauth-rce
