9.8
CVE-2025-66576
- EPSS 1.06%
- Veröffentlicht 04.12.2025 20:46:33
- Zuletzt bearbeitet 17.12.2025 16:21:58
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginRemote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Remotecontrolio ≫ Remote Keyboard Desktop Version1.0.1 SwPlatformwindows
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.6 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 8.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://www.exploit-db.com/exploits/52299
https://remotecontrolio.web.app/
https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare
https://www.vulncheck.com/advisories/remote-keyboard-desktop-101-remote-code-execution-rce