RustDesk API Admin Registration Enabled

medium Web App Scanning Plugin ID 114627

Synopsis

RustDesk API Admin Registration Enabled

Description

RustDesk is remote access and control software that enables management of computers and other devices. RustDesk API Admin is a RESTful API that allows RustDesk functionality to be automated and integrated into other systems. Self-registration is enabled on the target API Admin interface, allowing a remote, unauthenticated attacker to register an account on the target instance and gain privileges on the vulnerable system.
Note that this detection is included in the Remote Access Tools category.

Solution

Disable self-registration on the target API Admin interface.

See Also

https://rustdesk.com

https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/console/

Plugin Details

Severity: Medium

ID: 114627

Type: remote

Published: 3/11/2025

Updated: 3/11/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information