exploitDog

CVE-2020-25353

Опубликовано: 20 авг. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters.

Ссылки

https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html
Exploit
Third Party Advisory
https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rconfig:rconfig:3.9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-3hvp-8gh4-hrx5

github

больше 3 лет назад

A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters.

EPSS

Процентиль: 16%

0.00052

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918