A cybersecurity researcher has published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the popular network configuration management utility rConfig. The vulnerabilities affect all versions of rConfig, including the latest rConfig version 3.9.2, with no security patch available at the time of writing. Each flaw resides in a separate file of the utility, one, tracked as CVE-2019-16662, can be exploited remotely without requiring pre-authentication, the other requires authentication before its exploitation.
Source: https://thehackernews.com/2019/11/rConfig-network-vulnerability.html