I work as a security consultant and am currently trying to understand the attack surface available through the NAV server RTC client service (TCP port 7046). As I understand it, the Control Add-ins can be added through RTC given sufficient permissions. What I have not been able to determine is whether this is possible as admin with only access to RTC. All the add-in examples I have found include creating a page that references the Control Add-in, which I guess is not possible through the RTC I have access to. Note that I cannot create pages and I cannot access the server except through RTC.
So, can an add-in be used to trigger arbitrary code on the server with only access to RTC as full admin? The server runs NAV 2017.