CVE-2021-29006
MEDIUM NUCLEIRconfig - Path Traversal
Title source: ruleDescription
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
Nuclei Templates (1)
rConfig 3.9.6 - Local File Inclusion
MEDIUMVERIFIEDby r3Y3r53
Shodan:
http.title:"rConfig" || http.title:"rconfig"
FOFA:
title="rconfig"
Scores
CVSS v3
6.5
EPSS
0.2059
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
rconfig/rconfig
3.9.6
Published
Oct 11, 2021
Tracked Since
Feb 18, 2026