ID AKB:9527F9CE-9A8A-4C09-9224-6EBB1C1CE080
Type attackerkb
Reporter AttackerKB
Modified 2020-06-05T00:00:00


rConfig 3.9.4 and previous versions has unauthenticated SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

Recent assessments:

theguly at June 04, 2020 8:29am UTC reported:

see cve-2020-10220

Assessed Attacker Value: 5
Assessed Attacker Value: 5