vulnerability

Javs Viewer: CVE-2024-4978: Backdoor Discovered in JAVS Viewer

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	May 23, 2024	May 23, 2024	May 24, 2024

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

May 23, 2024

Added

May 23, 2024

Modified

May 24, 2024

Description

Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action. This version contains a backdoored installer that allows attackers to gain full control of affected systems. **Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials.** Users should install the latest version of JAVS Viewer (8.3.8 or higher) **after** re-imaging affected systems. These findings were identified through an investigation performed by Rapid7 analysts.

Solution

javs-viewer-fffmpeg-detected

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report