Server-Side Request Forgery in rConfig by rConfig Inc.
CVE-2020-25353

6.5MEDIUM

Key Information:

Vendor: Rconfig
Status: Rconfig
Vendor: CVE Published:; 20 August 2021

What is CVE-2020-25353?

A server-side request forgery (SSRF) vulnerability in rConfig version 3.9.5 allows remote authenticated attackers to manipulate requests, potentially gaining unauthorized access to the server. Specifically, the vulnerability is linked to the 'deviceIpAddr' and 'connPort' parameters, which can be exploited to establish connections to internal services. This issue has been addressed in version 3.9.6, which includes necessary patches to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2021
Vulnerability Reserved
Sep 14, 2020

JSON

Rconfig

What is CVE-2020-25353?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.