CVE-2024-7120
high-risk
Published 2024-07-26
A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.
Do I need to act?
!
92.3% chance of exploitation in next 30 days
EPSS score — higher than 8% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (4)
Msg2300 Firmware
Msg2100E Firmware
Msg2200 Firmware
Msg1200 Firmware
Affected Vendors
References (8)
Permissions Required
https://vuldb.com/?ctiid.272451
Third Party Advisory
https://vuldb.com/?id.272451
Third Party Advisory
https://vuldb.com/?submit.380167
Permissions Required
https://vuldb.com/?ctiid.272451
Third Party Advisory
https://vuldb.com/?id.272451
Third Party Advisory
https://vuldb.com/?submit.380167
53
/ 100
high-risk
Severity
23/34 · High
Exploitability
20/34 · Moderate
Exposure
10/34 · Low