9 matches found
CVE-2024-7120
The CVE-2024-7120 entry concerns Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 devices (Web Interface, file list_base_config.php). The root cause is improper handling of the template argument, enabling OS command injection with remote access. Impact is remote code execution and potential full control...
CVE-2024-55516
The CVE concerns Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 (v3.90). The web interface vulnerability is in /upload_sysconfig.php where crafting a specific form name allows arbitrary file uploads, potentially granting unauthorized access to server permissions. Public references reiterate the...
CVE-2024-55513
CVE-2024-55513 affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (version 3.90). The web interface endpoint /upload_netaction.php allows crafting a form name to upload arbitrary files, potentially leading to unauthorized server access. Reports from multiple sources confirm the same issue; PT-2024...
CVE-2024-55515
The CVE-2024-55515 issue affects Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 (version 3.90). The vulnerability resides in the web interface component /upload_ipslib.php, where crafting a specific form name enables arbitrary file upload. This exposes the devices to potential high-impact compro...
CVE-2024-55514
Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 (version 3.90) are affected by a web interface vulnerability in the /upload_sfmig.php component. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. Mitigation guidance...
CVE-2024-7470
CVE-2024-7470 affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (Web Interface). The vulnerability resides in the sslvpn_config_mod function of /vpn/vpn_template_style.php, where unsafely handling the template/stylenum argument enables OS command injection. Impact is remote exploitation with high...
CVE-2024-7469
CVE-2024-7469 affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (Web Interface) via sslvpn_config_mod in /vpn/list_vpn_web_custom.php. The root cause is improper handling of template/stylenum, enabling OS command injection. The issue is exploitable remotely and has public disclosure. Connected do...
CVE-2024-7468
The CVE-2024-7468 issue affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface (sslvpn_config_mod in /vpn/list_service_manage.php). The root cause is parameter manipulation (template/stylenum) enabling OS command injection, with remote access and public exploit disclosure (VDB-273561). A...
CVE-2024-7467
The CVE-2024-7467 issue affects Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 (Web Interface) in the /vpn/list_ip_network.php endpoint. The root cause is manipulation of the template/stylenum parameter in the sslvpn_config_mod function, leading to command injection that can be exploited remotely. Pub...