CVE-2019-16662

EPSS 97.7%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 97.7%KEV nãoPoC públicaNuclei simMetasploit simPatch —

Lifecycle

28 Oct 2019Metasploit module available

28 Oct 2019Published on NVD

29 Oct 2019Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/mhaskar/CVE-2019-16662★ 13 cve_referencepacketstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.htmlunverified cve_referencepacketstormsecurity.com/files/155186/rConfig-3.9.2-Command-Injection.htmlunverified exploitdbwww.exploit-db.com/exploits/47602unverified exploitdbwww.exploit-db.com/exploits/47555unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html http://packetstormsecurity.com/files/155186/rConfig-3.9.2-Command-Injection.html https://drive.google.com/file/d/1bTpTn4-alJ8qGCEATLq-oVM6HbhE65iY/view?usp=sharing https://drive.google.com/open?id=1OXI5cNuwWqc6y-7BgNCfYHgFPK2cpvnu https://gist.github.com/mhaskar/ceb65fa4ca57c3cdccc1edfe2390902e https://rconfig.com/download https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/