Two bugs in the network configuration utility rConfig have been identified, both allowing remote code execution on affected systems. One bug allows for a user to attack a system remotely sans authentication. The vulnerabilities are both tied to rConfig version 3.9.2 and are tied to the free open-source configuration tool. One vulnerability has the higher CVSS (v3.1) rating of 9.8 out of 10. The other bug (CVE-2019-16662) allows an attacker to execute system commands on affected devices.
Source: https://threatpost.com/critical-rce-flaw-in-rconfig/149847/

