CVE-2022-4978

CRITICAL

Remote Control Server 3.1.1.12 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-4978. PoCs published by h00die, H4rk3nz0, including Metasploit module exploits/windows/misc/remote_control_collection_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2022-4978 in Remote Control Collection by leveraging UDP-based key injection to open a command prompt, download a payload via HTTP, and execute it on the target system. It requires no authentication and targets default configurations.

Description

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.

Exploits (1)

metasploit WORKING POC NORMAL

by h00die, H4rk3nz0 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/remote_control_collection_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2022-4978 in Remote Control Collection by leveraging UDP-based key injection to open a command prompt, download a payload via HTTP, and execute it on the target system. It requires no authentication and targets default configurations.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Remote Control Collection 3.1.1.12

No auth needed

Prerequisites: Network access to UDP port 1926 · Target system with Remote Control Collection running in default configuration (no password)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/remote_control_collection_rce.rb

Various Sources product

https://remote-control-collection.com/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/steppschuh-remote-control-server-unauth-rce

Scores

CVSS v4 9.3

EPSS 0.0194

EPSS Percentile 77.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-306 CWE-78

Status published

Products (1)

Steppschuh/Remote Control Collection Server 3.1.1.12

Published Jul 23, 2025

Tracked Since Feb 18, 2026