CVE-2024-55516

Severity: Critical (CVSS 3.1 base score 9.1) · EPSS 39.1%
Published Dec 17, 2024 · Last Modified Jun 17, 2026

Description

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.

CVSS Details

Base Score: 9.1
Exploitability: 3.9
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 39.1% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 8

Vendor    Product            Version  Range
raisecom  msg2300_firmware   3.90     any
raisecom  msg2300            *        any
raisecom  msg2100e_firmware  3.90     any
raisecom  msg2100e           *        any
raisecom  msg2200_firmware   3.90     any
raisecom  msg2200            *        any
raisecom  msg1200_firmware   3.90     any
raisecom  msg1200            *        any

References 1

  • gist.github.com https://gist.github.com/wscg928/cbe88078751abad2ada2334eb12a5060
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.