File Upload Vulnerability in Raisecom MSG Series Products

CVE-2024-55514

Summary

CVE-2024-55514 identifies a critical file upload vulnerability in the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 products, specifically in version 3.90. The flaw exists in the /upload_sfmig.php component of the web interface, where insufficient validation allows an attacker to craft a specific form name that enables the upload of arbitrary files. This vulnerability could lead to unauthorized access, which could compromise server permissions and put sensitive information at risk. Organizations using these devices are strongly advised to apply any available patches or mitigations immediately to secure their networks.

References