2 matches found
rConfig SQL Injection Vulnerability (CNVD-2020-38217)
rConfig is an open source network configuration management utility . A SQL injection vulnerability exists in rConfig 3.9.4 and earlier versions, which stems from the program storing node passwords in plaintext. An attacker can exploit this vulnerability to access a listened network device...
The vulnerability in the /etc/sudoers component of the rConfig utility, which manages network device configurations, allows a hacker to circumvent existing security restrictions.
The vulnerability of the /etc/sudoers component of the rConfig network device configuration management tool is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...