Lucene search
K
RaisecomMsg2200 Firmware

9 matches found

CVE
CVE
added 2024/07/26 5:0 a.m.113 views

CVE-2024-7120

The CVE-2024-7120 entry concerns Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 devices (Web Interface, file list_base_config.php). The root cause is improper handling of the template argument, enabling OS command injection with remote access. Impact is remote code execution and potential full control...

9.8CVSS6.9AI score0.934EPSS
In wildWeb
CVE
CVE
added 2024/12/17 12:0 a.m.60 views

CVE-2024-55516

The CVE concerns Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 (v3.90). The web interface vulnerability is in /upload_sysconfig.php where crafting a specific form name allows arbitrary file uploads, potentially granting unauthorized access to server permissions. Public references reiterate the...

9.1CVSS6.5AI score0.00502EPSS
CVE
CVE
added 2024/12/17 12:0 a.m.59 views

CVE-2024-55513

CVE-2024-55513 affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (version 3.90). The web interface endpoint /upload_netaction.php allows crafting a form name to upload arbitrary files, potentially leading to unauthorized server access. Reports from multiple sources confirm the same issue; PT-2024...

9.1CVSS6.5AI score0.00502EPSS
CVE
CVE
added 2024/12/17 12:0 a.m.51 views

CVE-2024-55515

The CVE-2024-55515 issue affects Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 (version 3.90). The vulnerability resides in the web interface component /upload_ipslib.php, where crafting a specific form name enables arbitrary file upload. This exposes the devices to potential high-impact compro...

9.8CVSS6.6AI score0.00569EPSS
CVE
CVE
added 2024/12/17 12:0 a.m.50 views

CVE-2024-55514

Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 (version 3.90) are affected by a web interface vulnerability in the /upload_sfmig.php component. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. Mitigation guidance...

6.3CVSS6.5AI score0.00222EPSS
CVE
CVE
added 2024/08/05 4:0 a.m.37 views

CVE-2024-7470

CVE-2024-7470 affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (Web Interface). The vulnerability resides in the sslvpn_config_mod function of /vpn/vpn_template_style.php, where unsafely handling the template/stylenum argument enables OS command injection. Impact is remote exploitation with high...

9.8CVSS7AI score0.24873EPSS
Web
CVE
CVE
added 2024/08/05 3:31 a.m.34 views

CVE-2024-7469

CVE-2024-7469 affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (Web Interface) via sslvpn_config_mod in /vpn/list_vpn_web_custom.php. The root cause is improper handling of template/stylenum, enabling OS command injection. The issue is exploitable remotely and has public disclosure. Connected do...

9.8CVSS6.9AI score0.24873EPSS
Web
CVE
CVE
added 2024/08/05 3:0 a.m.33 views

CVE-2024-7468

The CVE-2024-7468 issue affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface (sslvpn_config_mod in /vpn/list_service_manage.php). The root cause is parameter manipulation (template/stylenum) enabling OS command injection, with remote access and public exploit disclosure (VDB-273561). A...

9.8CVSS6.9AI score0.24873EPSS
Web
CVE
CVE
added 2024/08/05 2:31 a.m.30 views

CVE-2024-7467

The CVE-2024-7467 issue affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (Web Interface) in the /vpn/list_ip_network.php endpoint. The root cause is manipulation of the template/stylenum parameter in the sslvpn_config_mod function, leading to command injection that can be exploited remotely. Pub...

9.8CVSS6.8AI score0.23402EPSS
Web