Raisecom MSG1200、Raisecom MSG2100E、Raisecom MSG2200和Raisecom MSG2300 操作系统命令注入漏洞

🗓️ 05 Aug 2024 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

OS command injection in Raisecom gateways 1200, 2100E, 2200, 2300 v3.90 via template/ in /vpn/list_service_manage.php.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the ssvpn_config_mod function in the /vpn/list_service_manage.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 integrated routing software allows a malicious actor to execute arbitrary commands.	7 Aug 202400:00	–	bdu_fstec
Circl	CVE-2024-7468	5 Aug 202406:22	–	circl
CVE	CVE-2024-7468	5 Aug 202403:00	–	cve
Cvelist	CVE-2024-7468 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_service_manage.php sslvpn_config_mod os command injection	5 Aug 202403:00	–	cvelist
EUVD	EUVD-2024-48389	3 Oct 202520:07	–	euvd
NVD	CVE-2024-7468	5 Aug 202403:16	–	nvd
OSV	CVE-2024-7468	5 Aug 202403:16	–	osv
Positive Technologies	PT-2024-5394 · Raisecom · Raisecom Msg2200 +3	4 Aug 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-7468	23 May 202509:51	–	redhatcve
Vulnrichment	CVE-2024-7468 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_service_manage.php sslvpn_config_mod os command injection	5 Aug 202403:00	–	vulnrichment

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/sQrromK7x42JbLgY/Command%20Injection%20Vulnerability%20in%20RAISECOM%20Gateway%20Devices-list_service_manage.php.pdf
cxsecurity	www.cxsecurity.com/cveshow/CVE-2024-7468/

31 Dec 2025 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.16.3 - 9.8

CVSS 45.3

CVSS 26.5

CVSS 36.3

EPSS0.01451

SSVC

Raisecom gateway 1200 Raisecom gateway 2100E Raisecom gateway 2200 Raisecom gateway 2300 Command injection Template parameter Vpn list service Version 3.90