CVE-2020-10548 Scanner
CVE-2020-10548 scanner - SQL Injection (SQLi) vulnerability in rConfig
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
rConfig is a network configuration management tool designed for network engineers and administrators. It is an open-source tool that allows users to manage various devices on the network such as routers, switches, firewalls and load balancers. The software is designed to automate network configuration backups and provides real-time monitoring of network devices. rConfig also offers the ability to manage configuration compliance and secure the network infrastructure.
Recently, a vulnerability in rConfig was discovered, identified as CVE-2020-10548. It allows an attacker to inject malicious SQL through the device.inc.php file without any authentication. This injection can lead to privilege escalation, enabling attackers to gain access to other devices. The attacker can also obtain cleartext passwords, which makes it easy to access network devices and escalate the attack.
Exploitation of CVE-2020-10548 can lead to significant security risks. Attackers can gain access to sensitive information and further infiltrate the network infrastructure. The resulting lateral movement can have disastrous consequences for any organization, as attackers will have access to critical resources and confidential information.
Those who read this article can quickly equip themselves with the tools to identify vulnerabilities in their digital assets. s4e.io can scan networks, web applications, and databases to identify security weaknesses and provide a detailed report of any vulnerabilities found. s4e.io's pro features offer a simple and efficient way for organizations to stay ahead of cyber-attacks and protect digital assets effectively.