Remote OS Command Injection Vulnerability Discovered in Raisecom Web Interface
CVE-2024-7120
Key Information:
Badges
Summary
The vulnerability CVE-2024-7120 is a remote OS command injection vulnerability discovered in Raisecom web interface. It affects the MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 and is classified as critical. The manipulation of the argument template leads to OS command injection, and the attack can be initiated remotely. The exploit has been disclosed to the public, and the associated identifier is VDB-272451. There is no information about actual exploitation by ransomware groups.
Affected Version(s)
MSG1200 3.90
MSG2100E 3.90
MSG2200 3.90
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CybleCyble Sensor Intelligence: Attacks, Phishing Scams And Brute-Force Detections - Cyble
Cyble’s weekly sensor intelligence report identified active vulnerability exploits, phishing campaigns and brute-force attacks.
CVE-2024-7120 Description, Impact and Technical Details
CVE-2024-7120 is a critical vulnerability found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The vulnerability allows for remote OS comma…
BaseFortifyCVE-2024-7120CVE-2024-7120
Did we spark your curiosity? Here you can ask more questions about this CVE. If you could still use more information about this CVE, submit the question in the form below, and you will...
References
EPSS Score
91% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by BaseFortify
Vulnerability published
Vulnerability Reserved