cbcvebase.
CVE-2022-4978
published 2025-07-23


Priority P277 · critical · 9.3 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.56% (72.1th percentile)
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| steppschuh | remote_control_collection_server | | |

Detection & IOCs (extracted from sources)

version: Remote Control Server 3.1.1.12
other: UDP control protocol - Remote Control Server custom protocol
  • Detect unauthenticated UDP keystroke command sequences sent to Remote Control Server; monitor for unexpected shell process spawning (e.g., cmd.exe, powershell.exe) originating from the Remote Control Server process.
  • Flag Remote Control Server instances running without a password (default configuration), as exploitation requires no authentication and is trivially achievable from the local network.
  • Monitor for Metasploit module 'exploits/windows/misc/remote_control_collection_rce' usage targeting Remote Control Server instances on the local network segment.
  • The vulnerability is only exploitable when the Remote Control Server is running without a password, which is the default configuration. Enabling password authentication mitigates the attack vector.