rConfig.Network.Device.vendor.crud.php.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in rConfig Network Device Configuration Tool.
This vulnerability is due to improper validation of file upload functionality by vendor.crud.php. A remote authenticated attacker could exploit this vulnerability by sending a crafted request to the targeted server. Successful exploitation of the vulnerability could lead to arbitrary code execution under the security context of the service.

affected-products-logoAffected Products

rConfig Network Device Configuration Tool 3.9.6 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

rConfig has not released an advisory or patch regarding this vulnerability.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-08-12 18.139 Sig Added
2020-12-02 16.972 Default_action:pass:drop
2020-10-14 16.943