CVE-2021-29004: rConfig 3.9.6 is affected by SQL Injection.
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
Security readout for executives and security teams
Plain-English summary
CVE-2021-29004 is an authenticated SQL injection in rConfig 3.9.6. The public description says it can, under specific MySQL conditions, lead to remote webshell access. Because rConfig manages network configuration data, a compromised instance could create operational and security risk beyond the application itself.
Executive priority
Treat as high priority if rConfig 3.9.6 is in use, especially on systems managing network device configurations. The main decision is rapid containment and vendor-guided remediation, not broad panic.
Technical view
The CVE describes SQL injection reachable by an authenticated user in rConfig 3.9.6. If MySQL runs on the same host and --secure-file-priv is not set, the issue may allow writing a webshell and remote access. No CVSS, CWE, vendor advisory, or patch details are provided in the bundle.
Likely exposure
Organizations running rConfig 3.9.6 are the stated exposure. Risk is higher where untrusted users can authenticate and MySQL is co-hosted with permissive file-write settings.
Exploitation context
The bundle includes public proof-of-concept references, but KEV is false and no cited source states active exploitation. Exploitation requires authentication, and webshell impact depends on the MySQL deployment conditions described in the CVE.
Researcher notes
Evidence is limited to the CVE description and public PoC links. The affected product is identified as rConfig 3.9.6, but the bundle lacks CVSS, exact vulnerable endpoint details, patch status, and vendor-confirmed remediation.
Mitigation direction
Check rConfig vendor guidance for fixed versions or supported remediation.
Prioritize upgrade or replacement if rConfig 3.9.6 is present.
Restrict rConfig access to trusted administrative networks and users.
Review MySQL secure-file-priv exposure with database administrators.
Monitor the rConfig host for unexpected web files or process activity.
Validation and detection
Inventory rConfig deployments and confirm whether version 3.9.6 is running.
Review rConfig user accounts for unnecessary or untrusted access.
Confirm whether MySQL is co-hosted with the rConfig server.
Check MySQL secure-file-priv configuration against vendor guidance.
Review web server and application logs for suspicious authenticated activity.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
description · low confidence lookup
Database behavior lookup
The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 11, 2021, 11:58 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.