CVE-2024-52940

HIGH

AnyDesk <= 8.1.0 - Sensitive Information Exposure via Direct Connection Traffic

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-52940. PoCs published by ebrasha, MKultra6969.

AI-analyzed exploit summary: This PoC monitors network connections for AnyDesk to detect remote IP leakage by filtering TCP/UDP connections associated with the AnyDesk process. It highlights non-standard ports (excluding 443/80) and UDP port 7070, indicating potential exposure of remote IPs.

Description

AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.

Exploits (2)

nomisec WORKING POC 33 stars
by ebrasha · poc
https://github.com/ebrasha/abdal-anydesk-remote-ip-detector

This PoC monitors network connections for AnyDesk to detect remote IP leakage by filtering TCP/UDP connections associated with the AnyDesk process. It highlights non-standard ports (excluding 443/80) and UDP port 7070, indicating potential exposure of remote IPs.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: AnyDesk (version not specified)
No auth needed
Prerequisites: AnyDesk running on the target system · Local execution privileges
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 4 stars
by MKultra6969 · poc
https://github.com/MKultra6969/AnySniff

This PoC monitors TCP connections of targeted processes (e.g., AnyDesk) on Windows, leveraging CVE-2024-52940 to log IP addresses, ports, and process details. It uses netstat and tasklist commands to gather connection data and enriches it with geolocation information from ip-api.com.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: AnyDesk up to version 8.1.0 on Windows
No auth needed
Prerequisites: Windows OS · AnyDesk with 'Allow direct connections' enabled · Python 3.x with pyfiglet and colorama libraries
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0118
EPSS Percentile: 63.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-532
Status: published
Published: Nov 18, 2024
Tracked Since: Feb 18, 2026