Steppschuh Remote Control Server Unauthenticated Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Steppschuh's Remote Control Server version 3.1.1.12. This issue arises when authentication is disabled, which is the default setting. The server uses a custom UDP-based control protocol that allows remote keyboard input events to be sent without any verification. An attacker on the same network can exploit this by sending a series of keystroke commands to open a system shell and execute arbitrary commands, leading to full system compromise.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected system.

Reproduction

The vulnerability can be reproduced by sending UDP packets that simulate keyboard input events to the Remote Control Server. This can be done using the Metasploit Framework, specifically the 'Remote Control Collection RCE' module. The module uploads a payload to the target machine and executes it, taking advantage of the server's default configuration that allows unauthenticated access.