CVE-2024-55514

MEDIUM EPSS 12.6%
Published Dec 17, 20241y ago · Modified Jun 17, 20261w ago
6.3 CVSS 3.1
Medium
Find Similar
Published Dec 17, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.

CVSS Details

Base Score
6.3
Exploitability
2.8
Impact
3.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low

Threat Intelligence

EPSS Exploit Probability
12.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

Affected Products 8

VendorProductVersionRange
raisecommsg2300_firmware3.90any
raisecommsg2300*any
raisecommsg2100e_firmware3.90any
raisecommsg2100e*any
raisecommsg2200_firmware3.90any
raisecommsg2200*any
raisecommsg1200_firmware3.90any
raisecommsg1200*any

References 1

  • gist.github.com https://gist.github.com/wscg928/cbe88078751abad2ada2334eb12a5060
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.