QwikSec

Security Database

CVE

CWE

Training

CVE-2022-4978

Published: Jul 23, 2025

Modified: Jul 23, 2025

PUBLISHED

Description

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Vendor	Product	Versions
Steppschuh	Remote Control Collection Server	affected `3.1.1.12`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/remote_control_collection_rce.rb

exploit

https://remote-control-collection.com/

product

https://www.vulncheck.com/advisories/steppschuh-remote-control-server-unauth-rce

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.