CVE-2025-4338

Lantronix Device Installer is affected by an XML External Entity (XXE) vulnerability in configuration files read from the network device. The issue could allow an attacker to obtain credentials, access the affected device, and modify configurations, with potential access to the host running the D...

rConfig SQL Injection Vulnerability (CNVD-2020-38217)

rConfig is an open source network configuration management utility . A SQL injection vulnerability exists in rConfig 3.9.4 and earlier versions, which stems from the program storing node passwords in plaintext. An attacker can exploit this vulnerability to access a listened network device...

rConfig SQL Injection Vulnerability (CNVD-2020-38218)

rConfig is an open source network configuration management utility . A SQL injection vulnerability exists in rConfig 3.9.4 and earlier versions, which stems from the program storing node passwords in plaintext. An attacker can exploit this vulnerability to access a listened network device...

rConfig SQL Injection Vulnerability (CNVD-2020-38219)

rConfig is an open source network configuration management utility . A SQL injection vulnerability exists in rConfig 3.9.4 and earlier versions, which stems from the program storing node passwords in plaintext. An attacker can exploit this vulnerability to access a listened network device...

CVE-2020-10549

rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices...