Arbitrary File Upload Vulnerability in Raisecom Web Interface

CVE-2024-55516

What is CVE-2024-55516?

CVE-2024-55516 is a high-risk vulnerability identified in the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 network devices operating on version 3.90. This vulnerability affects the /upload_sysconfig.php component of the web interface, allowing attackers to exploit it by crafting specific form names. If successfully executed, this arbitrary file upload can result in unauthorized access to server permissions, enabling potential threats such as data breaches, system compromise, and unauthorized control over the devices. Organizations using the affected models should take immediate steps to secure their systems and apply available patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References