Remote OS Command Injection Vulnerability Discovered in Raisecom Web Interface
Key Information
- Vendor
- Raisecom
- Status
- Msg1200
- Msg2100e
- Msg2200
- Msg2300
- Vendor
- CVE Published:
- 26 July 2024
Badges
Summary
The vulnerability CVE-2024-7120 is a remote OS command injection vulnerability discovered in Raisecom web interface. It affects the MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 and is classified as critical. The manipulation of the argument template leads to OS command injection, and the attack can be initiated remotely. The exploit has been disclosed to the public, and the associated identifier is VDB-272451. There is no information about actual exploitation by ransomware groups.
Affected Version(s)
MSG1200 = 3.90
MSG2100E = 3.90
MSG2200 = 3.90
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CVE-2024-7120 Description, Impact and Technical Details
CVE-2024-7120 is a critical vulnerability found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The vulnerability allows for remote OS comma…
1 month ago
CVE-2024-7120
Did we spark your curiosity? Here you can ask more questions about this CVE. If you could still use more information about this CVE, submit the question in the form below, and you will...
2 months ago
EPSS Score
83% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
First article discovered by BaseFortify
Risk change from: null to: 6.3 - (MEDIUM)
Vulnerability published.
VulDB entry last update
Vulnerability Reserved.
VulDB entry created
Advisory disclosed