RustDesk API Admin Detected

medium Web App Scanning Plugin ID 114626

Synopsis

RustDesk API Admin Detected

Description

RustDesk is remote access and control software that enables management of computers and other devices. RustDesk API Admin is a RESTful API that allows automation and integration of RustDesk functionality into other systems. By leveraging this service, a remote, unauthenticated attacker could use techniques such as a brute-force or dictionary attack to gain access to administrative functionality.
Note that this detection is included in the Remote Access Tools category.

Solution

Restrict access to administrative functionality, for example by using a .htaccess file and limiting access to known IP addresses.

See Also

https://rustdesk.com

https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/console/

Plugin Details

Severity: Medium

ID: 114626

Type: remote

Published: 3/11/2025

Updated: 3/11/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information