LiveActive security incident?Get immediate response
CVE Record

CVE-2021-29004: rConfig 3.9.6 is affected by SQL Injection.

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

CVE-2021-29004 is an authenticated SQL injection in rConfig 3.9.6. The public description says it can, under specific MySQL conditions, lead to remote webshell access. Because rConfig manages network configuration data, a compromised instance could create operational and security risk beyond the application itself.

Executive priority

Treat as high priority if rConfig 3.9.6 is in use, especially on systems managing network device configurations. The main decision is rapid containment and vendor-guided remediation, not broad panic.

Technical view

The CVE describes SQL injection reachable by an authenticated user in rConfig 3.9.6. If MySQL runs on the same host and --secure-file-priv is not set, the issue may allow writing a webshell and remote access. No CVSS, CWE, vendor advisory, or patch details are provided in the bundle.

Likely exposure

Organizations running rConfig 3.9.6 are the stated exposure. Risk is higher where untrusted users can authenticate and MySQL is co-hosted with permissive file-write settings.

Exploitation context

The bundle includes public proof-of-concept references, but KEV is false and no cited source states active exploitation. Exploitation requires authentication, and webshell impact depends on the MySQL deployment conditions described in the CVE.

Researcher notes

Evidence is limited to the CVE description and public PoC links. The affected product is identified as rConfig 3.9.6, but the bundle lacks CVSS, exact vulnerable endpoint details, patch status, and vendor-confirmed remediation.

Mitigation direction

  • Check rConfig vendor guidance for fixed versions or supported remediation.
  • Prioritize upgrade or replacement if rConfig 3.9.6 is present.
  • Restrict rConfig access to trusted administrative networks and users.
  • Review MySQL secure-file-priv exposure with database administrators.
  • Monitor the rConfig host for unexpected web files or process activity.

Validation and detection

  • Inventory rConfig deployments and confirm whether version 3.9.6 is running.
  • Review rConfig user accounts for unnecessary or untrusted access.
  • Confirm whether MySQL is co-hosted with the rConfig server.
  • Check MySQL secure-file-priv configuration against vendor guidance.
  • Review web server and application logs for suspicious authenticated activity.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

description · low confidence lookup

Database behavior lookup

The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2021-29004 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.