CVE-2024-7120

MEDIUM EPSS 99.8%

Published Jul 26, 20241y ago · Modified Jun 17, 20261w ago

5.3 CVSS 4.0

Medium

Published Jul 26, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.

CVSS Details

Base Score

5.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

99.8% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 8

Vendor	Product	Version	Range
raisecom	msg2300_firmware	3.90	any
raisecom	msg2300	*	any
raisecom	msg2100e_firmware	3.90	any
raisecom	msg2100e	*	any
raisecom	msg2200_firmware	3.90	any
raisecom	msg2200	*	any
raisecom	msg1200_firmware	3.90	any
raisecom	msg1200	*	any

References 4

netsecfish.notion.site https://netsecfish.notion.site/Command-Injection-Vulnerability-in-RAISECOM-Gateway-Devices-673bc7d2f8db499f9de7182d4706c707?pvs=4

ExploitThird Party Advisory
vuldb.com https://vuldb.com/?ctiid.272451

Permissions RequiredThird Party Advisory
vuldb.com https://vuldb.com/?id.272451

Third Party Advisory
vuldb.com https://vuldb.com/?submit.380167

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.