CVE-2022-4978
23.07.2025, 14:15
Remote Control Server, maintained bySteppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.
Awaiting analysis
This vulnerability is currently awaiting analysis.