Remote OS Command Injection Vulnerability Discovered in Raisecom Web Interface
CVE-2024-7120
Key Information:
- Vendor
- Raisecom
- Status
- Msg1200
- Msg2100e
- Msg2200
- Msg2300
- Vendor
- CVE Published:
- 26 July 2024
Badges
Summary
The vulnerability CVE-2024-7120 is a remote OS command injection vulnerability discovered in Raisecom web interface. It affects the MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 and is classified as critical. The manipulation of the argument template leads to OS command injection, and the attack can be initiated remotely. The exploit has been disclosed to the public, and the associated identifier is VDB-272451. There is no information about actual exploitation by ransomware groups.
Affected Version(s)
MSG1200 3.90
MSG2100E 3.90
MSG2200 3.90
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
CybleCyble Sensor Intelligence: Attacks, Phishing Scams And Brute-Force Detections - Cyble
Cyble’s weekly sensor intelligence report identified active vulnerability exploits, phishing campaigns and brute-force attacks.
4 months ago
CVE-2024-7120 Description, Impact and Technical Details
CVE-2024-7120 is a critical vulnerability found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The vulnerability allows for remote OS comma…
5 months ago
BaseFortifyCVE-2024-7120CVE-2024-7120
Did we spark your curiosity? Here you can ask more questions about this CVE. If you could still use more information about this CVE, submit the question in the form below, and you will...
5 months ago
References
EPSS Score
76% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by BaseFortify
Vulnerability published
Vulnerability Reserved