CVE-2020-10549

2020-06-04T00:00:00
ID AKB:9527F9CE-9A8A-4C09-9224-6EBB1C1CE080
Type attackerkb
Reporter AttackerKB
Modified 2020-06-05T00:00:00

Description

rConfig 3.9.4 and previous versions have an unauthenticated SQL injection in snippets.inc.php. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

Recent assessments:

theguly at June 04, 2020 8:29am UTC reported:

See CVE-2020-10220

Assessed Attacker Value: 5