Product
An authorization vulnerability exists in RustDesk before version 1.4.9 where the server-side fails to properly enforce connection scope for authenticated peers, allowing an attacker, having been granted a limited session type, to inject control messages typically reserved for a full Remote session and gain unauthorized observation and control over the host.