Rconfig: Security Vulnerabilities
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
CVSS Score
5.4
EPSS Score
0.58
Published
2020-05-18
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
CVSS Score
8.8
EPSS Score
0.006
Published
2020-05-18
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.
CVSS Score
9.1
EPSS Score
0.011
Published
2020-05-18
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
CVSS Score
5.4
EPSS Score
0.722
Published
2020-05-18
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
CVSS Score
9.8
EPSS Score
0.839
Published
2020-03-23
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.
CVSS Score
7.5
EPSS Score
0.316
Published
2020-03-20
CVE-2020-10221
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
Known exploited
CVSS Score
8.8
EPSS Score
0.911
Published
2020-03-08
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS Score
9.8
EPSS Score
0.94
Published
2020-03-07
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS Score
8.8
EPSS Score
0.921
Published
2020-01-06
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-01-06