CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10546

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1020%
EPSS Percentile37.20th
PublishedJun 4, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

Affected Platforms (CPE)

πŸ“¦
Rconfig

Rconfig

<= 3.9.4

References & Advisories

πŸ”— https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
πŸ”— https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
πŸ”— https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
πŸ”— https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/

Related Vulnerabilities

CVE-2020-157159.9

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the sear...

CVE-2020-108799.8

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parame...

CVE-2019-166629.8

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerS...

CVE-2020-102209.8

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchCol...