Vulnerabilities > CVE-2020-25353 - Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

rconfig

CWE-918

NVD

Published: 2021-08-20

Updated: 2021-08-24

Summary

A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters.

Vulnerable Configurations

Part	Description	Count
Application	Rconfig Rconfig Rconfig 3.9.5	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html