CVE-2024-7470: Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface vpn_template_style.php sslvpn_config_mod os command injection
First published: Mon Aug 05 2024(Updated: )
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Raisecom Msg2300 Firmware | =3.90 | |
| Raisecom Msg2300 | ||
| All of | ||
| Raisecom Msg2100e Firmware | =3.90 | |
| Raisecom Msg2100e | ||
| All of | ||
| Raisecom Msg2200 Firmware | =3.90 | |
| Raisecom Msg2200 | ||
| All of | ||
| Raisecom Msg1200 Firmware | =3.90 | |
| Raisecom MSG1200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-7470?
CVE-2024-7470 has been rated as critical.
How do I fix CVE-2024-7470?
To fix CVE-2024-7470, you should update the firmware of your Raisecom MSG1200, MSG2100E, MSG2200, or MSG2300 devices to version 3.90 or later.
Which devices are affected by CVE-2024-7470?
CVE-2024-7470 affects Raisecom devices MSG1200, MSG2100E, MSG2200, and MSG2300 running firmware version 3.90.
What kind of vulnerability is CVE-2024-7470?
CVE-2024-7470 is a vulnerability found within the web interface functionality of Raisecom devices.
What component is impacted by CVE-2024-7470?
CVE-2024-7470 impacts the sslvpn_config_mod function within the /vpn/vpn_template_style.php file.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- vendor/raisecom
- canonical/raisecom msg2300 firmware
- version/raisecom msg2300 firmware/3.90
- canonical/raisecom msg2300
- canonical/raisecom msg2100e firmware
- version/raisecom msg2100e firmware/3.90
- canonical/raisecom msg2100e
- canonical/raisecom msg2200 firmware
- version/raisecom msg2200 firmware/3.90
- canonical/raisecom msg2200
- canonical/raisecom msg1200 firmware
- version/raisecom msg1200 firmware/3.90
- canonical/raisecom msg1200