CVE-2026-30784
Missing Authentication in RustDesk Server Enables Privilege Abuse
Publication date: 2026-03-05
Last updated on: 2026-03-25
Assigner: VULSec Labs
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustdesk | rustdesk_server | up to and including 1.7.5 |
| rustdesk | rustdesk_server | up to and including 1.1.15 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization and Missing Authentication issue in the RustDesk Server components, specifically in the rendezvous server (hbbs) and relay server (hbbr) modules. It affects all server platforms running rustdesk-server or rustdesk-server-pro through versions 1.7.5 and 1.1.15. The problem lies in certain program files and routines, such as handle_punch_hole_request() and the RegisterPeer handler, which let an attacker abuse privileges because the authentication or authorization checks that these critical functions require are not performed.
How can this vulnerability impact me?
Because this vulnerability allows privilege abuse due to missing authentication and authorization, an attacker could potentially perform unauthorized actions on the RustDesk Server. This could lead to unauthorized access to communication sessions, manipulation of server functions, or interception of connections that rely on the rendezvous and relay servers. Such impacts could compromise the confidentiality and integrity of communications facilitated by RustDesk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the RustDesk Server components hbbs (rendezvous server) and hbbr (relay server) on specific TCP and UDP ports. To detect potential exploitation or presence of the vulnerable services on your network, you can scan for open ports associated with RustDesk Server.
- Use a port scanning tool like nmap to check for open RustDesk server ports; a combined TCP and UDP scan needs root privileges and nmap's per-protocol port syntax: nmap -sS -sU -p T:21114-21119,U:21116 <target-ip>
- Check running processes on the server for rustdesk-server binaries (hbbs, hbbr); the bracketed pattern keeps grep from matching its own command line: ps aux | grep '[h]bb[sr]'
- Monitor network traffic on the RustDesk ports (TCP 21114-21119 and UDP 21116) for unusual or unauthorized requests, especially those related to signaling and relay functions.
Since the vulnerability involves missing authorization and authentication in critical functions, reviewing server logs for unexpected or unauthorized peer registration or relay forwarding requests may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the RustDesk server ports to trusted networks only, as the vulnerability allows privilege abuse via missing authentication and authorization.
- Implement firewall rules to limit inbound traffic on TCP ports 21114-21119 and UDP port 21116 to known and trusted IP addresses.
- If possible, disable or restrict the vulnerable modules (hbbs and hbbr) until a patched version is available.
- Monitor server logs for suspicious activity related to peer registration and relay forwarding.
Once a fix is released, update RustDesk Server to a version later than 1.7.5 (or 1.1.15 for the affected components) to fully remediate the vulnerability.
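As an added example (not code from this advisory or from the RustDesk project), the POSIX shell helper below generates the firewall restriction from the first mitigation step as an nftables ruleset that admits TCP 21114-21119 and UDP 21116 only from trusted source networks, and includes a check that flags a ruleset still accepting those ports from any source. It assumes a Linux host with nftables; the CIDRs, the table name rustdesk_guard and the log prefix are placeholders to adapt.

```shell
#!/bin/sh
# Added example: restrict the RustDesk hbbs/hbbr ports to trusted networks.
# Assumes nftables on Linux; CIDRs and the table name are placeholders.

rustdesk_nft_ruleset() {
    # $@ = trusted source CIDRs, e.g. 10.0.0.0/8 203.0.113.0/24 (constructed)
    trusted=$(printf '%s, ' "$@")
    trusted=${trusted%, }
    cat <<EOF
table inet rustdesk_guard {
    set trusted_src {
        type ipv4_addr
        flags interval
        elements = { $trusted }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        # hbbs (rendezvous) and hbbr (relay) TCP ports: trusted sources only
        ip saddr @trusted_src tcp dport 21114-21119 accept
        tcp dport 21114-21119 counter log prefix "rustdesk-drop " drop
        # hbbs UDP port used for registration / hole punching: trusted only
        ip saddr @trusted_src udp dport 21116 accept
        udp dport 21116 counter log prefix "rustdesk-drop " drop
    }
}
EOF
}

# Review a candidate ruleset before applying it: returns 0 (true) when no
# rule accepts the RustDesk ports without a source-address condition, i.e.
# the weak "tcp dport 21114-21119 accept" form is absent.
rustdesk_ruleset_is_restricted() {
    ! printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(tcp|udp) dport (21114-21119|21116) accept'
}

# Usage as root, after reviewing the output:
#   rustdesk_nft_ruleset 10.0.0.0/8 203.0.113.0/24 | nft -f -
```

Dropped packets are counted and logged with the prefix, which gives the log monitoring suggested above a concrete signal for connection attempts from untrusted sources.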