Arbitrary File Upload Vulnerability in Raisecom Network Devices

CVE-2024-55513

Summary

CVE-2024-55513 is a critical vulnerability identified in Raisecom's network devices, specifically within the web interface component at /upload_netaction.php. The vulnerability allows an attacker to upload arbitrary files by exploiting an insecure file upload mechanism. If successfully executed, this could lead to unauthorized access to server permissions, enabling potential control over the affected system. This vulnerability affects several Raisecom products, including MSG1200, MSG2100E, MSG2200, and MSG2300 running version 3.90, and poses a significant risk to network security. Timely updates and security patches are essential to mitigate potential threats.

References