CVE-2022-4978
published 2025-07-23CVE-2022-4978: Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default…
PriorityP277critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.56%
72.1th percentile
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| steppschuh | remote_control_collection_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated UDP keystroke command sequences sent to Remote Control Server; monitor for unexpected shell process spawning (e.g., cmd.exe, powershell.exe) originating from the Remote Control Server process. ↗
- →Flag Remote Control Server instances running without a password (default configuration), as exploitation requires no authentication and is trivially achievable from the local network. ↗
- →Monitor for Metasploit module 'exploits/windows/misc/remote_control_collection_rce' usage targeting Remote Control Server instances on the local network segment. ↗
- ·The vulnerability is only exploitable when the Remote Control Server is running without a password, which is the default configuration. Enabling password authentication mitigates the attack vector. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2025-07-23
Published