5 matches found
rConfig Remote Code Execution (CVE-2019-16662; CVE-2019-16663)
A remote code execution vulnerability exists in rConfig. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
rConfig < 3.9.3 Multiple RCE Vulnerabilities - Version Check
rConfig is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote...
CVE-2019-16663
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-16663
CVE-2019-16663 affects rConfig 3.9.2. An attacker can directly execute system commands by issuing a GET to search.crud.php, where the category command parameter (catCommand) is passed to exec without proper filtering, enabling command execution. The description specifies remote code execution via...