rConfig SQLi Vulnerability (CVE-2020-10548) Scanner

If you are using rConfig, it is better to check your system if any vulnerability exists.

Details

Stay Up To Date

Follow @secforeveryone

Asset Type

domain,ip

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

rConfig SQLi Vulnerability (CVE-2020-10548) Scanner Detail

If you are using rConfig, it is better to check your system if any vulnerability exists.

rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

Some Advice for Common Problems

Update your rConfig Software, to the latest version to eliminate this vulnerability.

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service