CVE-2022-4978
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| steppschuh | remote_control_server | 3.1.1.12 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Remote Control Server version 3.1.1.12. When authentication is disabled (which is the default), an attacker on the same network can send remote keyboard input events via a custom UDP-based control protocol without any verification. This allows the attacker to execute arbitrary commands remotely, leading to full system compromise.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain full control over the affected system by executing arbitrary commands remotely without authentication. This can lead to unauthorized access, data theft, system manipulation, or disruption of services.