Guard against rConfig
The network configuration management utility rConfig is vulnerable to unauthenticated remote command execution.
(Vulnerable version: rConfig version prior to 3.9.2)
rConfig is a popular network management utility that IT staff use to take multiple configuration snapshots of their network devices.
A cybersecurity researcher, Mohammad Askar, has recently published details and proof-of-concept exploits for unpatched, critical remote code execution vulnerabilities in the rConfig utility, one of which could allow unauthenticated remote attackers to compromise targeted servers and connected network devices.
The unauthenticated RCE in “ajaxServerSettingsChk.php” allows an attacker to directly execute system commands through a GET request. Command execution is possible because the “rootUname” parameter is passed to the exec function without filtering.
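As an added example (not part of the original advisory and not rConfig's own code), the following Python code scans web-server access logs for requests to ajaxServerSettingsChk.php whose rootUname value contains anything other than plain account-name characters. The common/combined log format, the character allowlist, and the constructed sample lines with their placeholder path are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script and parameter named in the advisory.
TARGET_SCRIPT = "ajaxServerSettingsChk.php"
TARGET_PARAM = "rootUname"
# Assumption: a legitimate account name uses only these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,64}")
# Request part of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_line(line):
    """Return a finding dict for a suspicious request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Match on the script name only; the install path differs per deployment.
    if not unquote(url.path).lower().endswith("/" + TARGET_SCRIPT.lower()):
        return None
    # parse_qs percent-decodes once; repeated parameters are all checked.
    for value in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
        if not SAFE_VALUE.fullmatch(value):
            # A second decode shows what double-encoded input resolves to.
            return {"client": line.split()[0], "method": m.group("method"),
                    "value": unquote(value)}
    return None


def scan(lines):
    """Scan an iterable of log lines and return all findings."""
    return [f for f in map(scan_line, lines) if f]


# Constructed sample log lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Jan/2020:10:01:02 +0000] "GET /PLACEHOLDER/ajaxServerSettingsChk.php?rootUname=admin HTTP/1.1" 200 51',
    '203.0.113.9 - - [16/Jan/2020:10:03:44 +0000] "GET /PLACEHOLDER/ajaxServerSettingsChk.php?rootUname=admin%3Bexample HTTP/1.1" 200 51',
    '203.0.113.9 - - [16/Jan/2020:10:03:50 +0000] "GET /PLACEHOLDER/ajaxServerSettingsChk.php?rootUname=admin%257Cexample HTTP/1.1" 200 51',
    '198.51.100.7 - - [16/Jan/2020:10:05:00 +0000] "GET /index.php?rootUname=a%3Bb HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any hit on a host running a version prior to the fixed release is a reason to review that server and the device credentials it stores.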
Mitigation (On Host Device):
For hosts: Updating to rConfig version 3.9.3 mitigates this vulnerability.
Mitigation (On Network):
Deploy advanced protection
Zyxel ZyWALL USG/ATP series firewalls use their IDP security features to block these network attacks.
Update to the latest IDP signature version, then enable the IDP function to protect your host.
2020-1-16: Initial release