rConfig.Network.Device.vendor.crud.php.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in rConfig Network Device Configuration Tool.
This vulnerability is due to improper validation of file upload functionality by vendor.crud.php. A remote authenticated attacker could exploit this vulnerability by sending a crafted request to the targeted server. Successful exploitation of the vulnerability could lead to arbitrary code execution under the security context of the service.
Affected Products
rConfig Network Device Configuration Tool 3.9.6 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
rConfig has not released an advisory or patch regarding this vulnerability.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-08-12 | 18.139 | Sig Added |
2020-12-02 | 16.972 | Default_action:pass:drop |
2020-10-14 | 16.943 |