.. / CVE-2020-10546

Exploit for rConfig 3.9.4 - SQL Injection (CVE-2020-10546)

Description:

rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes’ passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

Nuclei Template

View the template here CVE-2020-10546.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-10546.yaml

References:

https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
https://nvd.nist.gov/vuln/detail/CVE-2020-10546
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/theguly/exploits
https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/

.. / CVE-2020-10546 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for rConfig 3.9.4 - SQL Injection (CVE-2020-10546)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-10546