CVE-2020-25353: SSRF
First published: Fri Aug 20 2021(Updated: )
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the SSRF vulnerability in rConfig?
The vulnerability ID for the SSRF vulnerability in rConfig is CVE-2020-25353.
What is the severity of CVE-2020-25353?
The severity of CVE-2020-25353 is medium with a CVSS score of 6.5.
How does the SSRF vulnerability in rConfig 3.9.5 affect the system?
The SSRF vulnerability in rConfig 3.9.5 allows remote authenticated attackers to open a connection to the system via the deviceIpAddr and connPort parameters.
How can the SSRF vulnerability in rConfig 3.9.5 be fixed?
The SSRF vulnerability in rConfig 3.9.5 has been fixed in version 3.9.6.
Where can I find more information about the SSRF vulnerability in rConfig?
You can find more information about the SSRF vulnerability in rConfig at this link: https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.5