This Metasploit module exploits a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required. However, this module can bypass authentication via SQL injection.
0b63805ab8f2162cb70c5931c392c85432cadbdd98208528d5861e068261cd6c