Executive Risk Summary
"A Cleartext Transmission of Sensitive Information vulnerability in RustDesk Server Pro allows sniffing attacks, potentially exposing sensitive information. This vulnerability affects RustDesk Server Pro versions through 1.7.5, and is associated with the program's heartbeat sync and API endpoint handling."
Anticipated Attack Path
- 1. An attacker intercepts the plaintext preset-address-book-password
- 2. The attacker uses the intercepted password to access the address book
- 3. The attacker exploits the accessed address book to gain further unauthorized access
Am I Vulnerable?
- Is RustDesk Server Pro version 1.7.5 or earlier in use?
- Is the address book sync API module enabled?
- Is the preset-address-book-password transmitted in plaintext?
Operational Audit Arsenal
Target Type API endpoint
Target Asset Heartbeat API handler
Standard Path Management Plane / API
Manual Verification Required
This is a non-Windows asset (RustDesk). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required Unlikely
Minimal, as the patch only affects the address book sync API module
Internal Work Notes
CVE-2026-30796: Cleartext Transmission of Sensitive Information vulnerability in RustDesk Server Pro - Address book sync API. Patching required to prevent sniffing attacks.
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Related RustDesk Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.