VYPR

rConfig

by rConfig

CVEs (44)

  • CVE-2020-25353MedAug 20, 2021
    risk 0.42cvss 6.5epss 0.01

    A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters.

  • CVE-2020-25351MedAug 20, 2021
    risk 0.42cvss 6.5epss 0.01

    An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.

  • CVE-2020-25352MedAug 20, 2021
    risk 0.35cvss 5.4epss 0.02

    A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then…

  • CVE-2020-15712MedJul 28, 2020
    risk 0.28cvss 4.3epss 0.02

    rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary…

Page 3 of 3