Unrated severityNVD Advisory· Published Aug 5, 2024· Updated Aug 6, 2024

Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_ip_network.php sslvpn_config_mod os command injection

CVE-2024-7467

Description

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273560. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Raisecom/Msg2200v5
Range: 3.90
Raisecom/Msg2300v5
Range: 3.90

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/sQrromK7x42JbLgY/Command%20Injection%20Vulnerability%20in%20RAISECOM%20Gateway%20Devices-list_ip_network.php.pdfmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000