Researcher Discovered Two Critical Vulnerabilities in rConfig Utility

Researcher Mohammad Askar from Shell Systems posted on the Web details and PoC codes for two critical remote code execution vulnerabilities in rConfig.

Their exploitation allows an unauthorized attacker remotely compromise target servers and connected network devices.

RConfig is a free, open source network device configuration management utility that allows network engineers to set up and take frequent snapshots of network device configurations.

rConfig is used to manage more than 3.3 million network devices, including switches, routers, firewalls, load balancers, and WAN optimizers.

Read also: Four vulnerabilities in MikroTik routers could lead to a backdoor

The first issue (CVE-2019-16662) affects all versions of rConfig up to and including 3.9.2.

“The first one called “ajaxServerSettingsChk.php” file which suffers from an unauthenticated RCE that could triggered by sending a crafted GET request via “rootUname” parameter which is declared in line #2 and then passed to exec function in line #13 which you can inject it with a malicious OS command to be executed on the server”, — writes Mohammad Askar.

Second vulnerability (CVE-2019-16663) affects all rConfig versons up to 3.6.0.

Mohammad Askar
Mohammad Askar

“The second vulnerability has been discovered in a file called “search.crud.php” which suffers from an authenticated RCE that could triggered by sending a crafted GET request that contains two parameters, the first one called “searchTerm” and this parameter can contains any value you want”, — reports Mohammad Askar.

An unauthorized attacker can remotely exploit vulnerabilities.

In both cases, in order to exploit the vulnerability, the attacker needs to access the vulnerable files using a specially crafted GET parameter designed to execute malicious OS commands on the target server. An attacker can gain access to the command line on the victim’s server and execute any arbitrary command on the compromised server with web application privileges. Mohammad Askar reported about two vulnerabilities on September 19, 2019 to rConfig main developer, but since that time did not get any fix release date or even a statement that they will fix the vulnerability.

RConfig users are advised temporarily remove the application from the server or use alternative solutions until patches appear.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *


Back to top button