Detected two extremely serious vulnerabilities in the rConfig utility

Security researcher Mohammad Askar recently discovered two vulnerabilities in the rConfig tool, a commonly used network configuration management utility. These two vulnerabilities are considered serious, at least one of which can allow hackers to gain access to the target server and connected network devices, then hijack the device.

• Warning: Google Chrome is experiencing serious security errors, patch updates right away
• Warning: Detecting a very serious vulnerability in Cyberoam, a common firewall system in Vietnam

These two vulnerabilities affect all versions of rConfig, including the latest version 3.9.2. According to NIST (National Institute of Standards and Technology), the rConfig vulnerability is rated as serious as 9.8 / 10. Currently, there is no security patch for these 2 vulnerabilities.

Vietnam Cyber ​​Security Company VSEC said that many Vietnamese businesses will be directly affected by this vulnerability. The network managed by rConfig utility can be easily attacked and controlled by hackers.

In Vietnam, more than 10,000 devices belonging to large networks in enterprises are using the rConfig utility.

Due to the absence of a patch, VSEC recommends that units using rConfig should do the following to avoid unfortunate incidents that may occur.

• Restrict IP address access to the system.
• If not used, block access to the ajaxServerSettingsChk.php module or use alternative administrative solutions.
• As soon as the patch is released, update now.