rConfig 漏洞列表

rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in `deviceId` GET parameter of devicemgmnt.php resulting in execution of the javascript.

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.

rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes, resulting in the disclosure of cleartext credentials in the response.

rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.

弱口令漏洞指的是系统中使用了简单、容易猜测或常见的密码，导致攻击者可以通过猜测或暴力破解的方式轻易获取账户权限，进而访问或控制受影响的系统资源。这种漏洞通常由于缺乏有效的密码策略或用户对安全意识的忽视造成。

rConfig是一款开源的网络配置管理实用程序。Rconfig存在ssrf漏洞，此漏洞是由于configcompare.crud.php接口对用户的请求验证不当导致的。

rConfig是一款开源的网络配置管理实用程序。Rconfig存在ssrf漏洞，此漏洞是由于ajaxGetFileByPath.php接口对用户的请求验证不当导致的。

rConfig 3.9.4 和以前的版本具有未经身份验证的compliancepolicies.inc.php SQL注入。因为，默认情况下，节点的密码以明文形式存储，因此该漏洞会导致横向移动，从而使攻击者能够访问受监控的网络设备。

rConfig 3.9.4 和以前的版本具有未经身份验证的compliancepolicyelements.inc.php SQL注入。因为，默认情况下，节点的密码以明文形式存储，因此该漏洞会导致横向移动，从而使攻击者能够访问受监控的网络设备。

rConfig 3.9.4 和以前的版本有未经身份验证的devices.inc.php SQL注入。因为，默认情况下，节点的密码以明文形式存储，因此该漏洞会导致横向移动，从而使攻击者能够访问受监控的网络设备。

rConfig 3.9.4 和以前的版本有未经身份验证的snippets.inc.php SQL注入。因为，默认情况下，节点的密码以明文形式存储，因此该漏洞会导致横向移动，从而使攻击者能够访问受监控的网络设备。

rConfig useradmin.inc.php 存在信息泄露漏洞，通过访问文件获取一些配置信息（明文凭证）

rConfig ajaxArchiveFiles.php文件中由于对path参数和ext参数进行命令拼接，导致攻击者可以远程命令执行获取服务器权限

rConfig ajaxEditTemplate.php文件中由于对fileName参数进行命令拼接，导致攻击者可以远程命令执行获取服务器权限

rConfig useradmin.inc.php 存在信息泄露漏洞，通过访问文件获取用户邮箱信息和登录名

rConfig userprocess.php存在任意用户创建漏洞，发送特定的请求包攻击者可以创建管理员账户登录后台,出现漏洞的原因是对权限设定错误，任何人都可以通过访问这个文件创建管理员用户。

rConfig是用PHP编写的开源网络设备配置工具，根据该项目的网站，rConfig被用于管理超过330万个网络设备。安全研究人员在rConfig工具中发现未修复的关键RCE漏洞，ajaxServerSettingsChk.php中未经身份验证的RCE（CVE-2019-16662）。攻击者可通过GET参数访问文件并在目标服务器上执行恶意命令。