Arbitrary File Upload Vulnerability in Raisecom Web Interface

CVE-2024-55516

Summary

CVE-2024-55516 is a high-risk vulnerability identified in the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 network devices operating on version 3.90. This vulnerability affects the /upload_sysconfig.php component of the web interface, allowing attackers to exploit it by crafting specific form names. If successfully executed, this arbitrary file upload can result in unauthorized access to server permissions, enabling potential threats such as data breaches, system compromise, and unauthorized control over the devices. Organizations using the affected models should take immediate steps to secure their systems and apply available patches.

References