search

rConfig

rConfigarrow-up-right is an open-source network configuration management tool primarily used for backing up and managing device configurations. It is commonly deployed in enterprise environments to automate configuration snapshots of routers, switches, and other network equipment. The application is PHP-based and relies on a MySQL backend, making it a frequent target for web application security assessments due to historically poor input sanitization and vulnerable database interactions.

hashtag
SQLi

rConfig versions up before 3.9.5 are vulnerable to a SQLi flaw (CVE-2020-10220arrow-up-right) through the searchColumn parameter in commands.inc.php. This flaw enables unauthorized access to sensitive data or manipulation of the database. A working PoCarrow-up-right is available.

$ python3 48208.py https://<target-IP>

hashtag
Authenticated RCE

rConfig versions up before 3.9.5 are also vulnerable to a command injection flaw (CVE-2020-10879arrow-up-right) in lib/crud/search.crud.php. The nodeId parameter is passed directly to the exec function without proper sanitization, allowing an attacker to execute arbitrary commands on the server. A working PoC is also available.

$ python3 48241.py https://<target-IP> admin Pass123! 192.168.45.170 80

A PoC that combines both CVEs is available herearrow-up-right.

PreviousRaspAPNextResponsive Filemanager

Last updated