S4E

CVE-2020-10546 Scanner

Detects an 'SQL Injection (SQLi)' vulnerability in rConfig that affects v. 3.9.4 and earlier.


Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -

rConfig is a free, open-source network device configuration management software which provides network engineers with the ability to securely manage network devices and configuration backups. With rConfig, network administrators can monitor and track network device configurations, automate backups, and schedule configuration changes in small to medium-sized networks. This tool is specifically designed to make the management of network devices simpler and more efficient.

CVE-2020-10546 is a vulnerability in rConfig 3.9.4 that unauthenticated attackers can exploit to execute arbitrary SQL commands via the compliancepolicies.inc.php file. As a result, attackers can gain unauthorized access to the targeted network devices and compromise their security. Because node passwords are stored in plain text by default, an attacker who successfully exploits this vulnerability can gain access to the monitored network devices and use that access for lateral movement.

Because of this vulnerability, attackers can gain access to sensitive information and potentially take control of the network infrastructure if the exploited network device is a core device. This can cause significant damage to organizations, including financial losses, intellectual property theft, and damage to reputation, to name a few.

In conclusion, the security of digital assets cannot be taken for granted, and it's essential to stay updated about potential vulnerabilities in network devices. At s4e.io, we provide pro features that allow users to quickly and easily learn about the vulnerabilities in the digital assets they are monitoring. These features help our customers keep their network devices safe from potential vulnerabilities, protecting their network infrastructure and ensuring that they continue to run smoothly and securely.

 
