Critical severityNVD Advisory· Published Jul 23, 2025· Updated Apr 15, 2026

CVE-2022-4978

Description

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/remote_control_collection_rce.rbnvd
remote-control-collection.comnvd
www.vulncheck.com/advisories/steppschuh-remote-control-server-unauth-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.026
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000