CVE-2021-29006
MEDIUM NUCLEIrconfig 3.9.6 - Authenticated Path Traversal
Title source: llmExploitation Summary
CVE-2021-29006 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
Nuclei Templates (1)
rConfig 3.9.6 - Local File Inclusion
MEDIUMVERIFIEDby r3Y3r53
Shodan:
http.title:"rConfig" || http.title:"rconfig"
FOFA:
title="rconfig"
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://rconfig.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py
Scores
CVSS v3
6.5
EPSS
0.0698
EPSS Percentile
93.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
rconfig/rconfig
3.9.6
Published
Oct 11, 2021
Tracked Since
Feb 18, 2026