CVE-2024-7120 Scanner

CVE-2024-7120 scanner - Command Injection vulnerability in Raisecom MSG1200, MSG2100E, MSG2200, MSG2300

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 are network gateway devices commonly used in enterprise environments. They provide connectivity and management features essential for maintaining network infrastructure. These devices are widely deployed in settings where reliable network communication is critical. Their web-based interface allows for easy configuration and management. However, vulnerabilities within this interface can lead to significant security risks.

The Command Injection vulnerability in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 allows attackers to execute arbitrary commands on the device. This vulnerability is found in the web interface, specifically in the handling of user inputs in the list_base_config.php file. Exploitation of this flaw could allow unauthorized users to compromise the device remotely. This issue has been classified as critical and can be exploited without user interaction.

The vulnerability exists in the list_base_config.php file of the web interface, where the template parameter is not properly sanitized. An attacker can inject OS commands by manipulating this parameter, leading to remote command execution. This allows attackers to execute commands on the server with the same privileges as the web server. The issue can be triggered by sending a specially crafted HTTP request to the vulnerable endpoint, resulting in the execution of arbitrary code on the device.
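As a defender-side check for the behaviour described above, the following added example (not part of the original page or of the S4E scanner) flags web access log entries that request list_base_config.php with shell metacharacters in the template parameter. It assumes combined-format access logs, that the parameter appears in the query string, and a metacharacter set chosen for illustration; the sample log lines and URL paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Shell metacharacters that have no place in a template name (assumed policy).
SHELL_META = re.compile(r"[;|&`$()<>\n\r]")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_template(log_line):
    """Return the decoded template value if the line is a request to
    list_base_config.php whose template parameter holds shell metacharacters."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/list_base_config.php"):
        return None
    # parse_qsl percent-decodes, so encoded metacharacters are caught too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() == "template" and SHELL_META.search(value):
            return value
    return None

def scan(lines):
    """Return (source_ip, template_value) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_template(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (not taken from a real device).
SAMPLE = [
    '198.51.100.7 - - [01/Aug/2024:10:00:01 +0000] "GET /list_base_config.php?template=default HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Aug/2024:10:00:05 +0000] "GET /list_base_config.php?template=%60id%60 HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Aug/2024:10:00:09 +0000] "GET /list_base_config.php?template=a%3Bid HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Aug/2024:10:00:12 +0000] "GET /index.php?template=%60id%60 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE):
        print(f"possible command injection attempt from {ip}: template={value!r}")
```

Requests that carry the parameter in a POST body do not appear in access logs, so this check complements rather than replaces filtering at a reverse proxy or WAF in front of the management interface.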

Exploiting this vulnerability could allow attackers to gain unauthorized access to the device, execute arbitrary commands, and potentially take full control of the network gateway. This could lead to data breaches, network disruptions, and further exploitation of the internal network. The impact of this vulnerability is severe, as it could compromise the integrity and security of the entire network infrastructure managed by the affected devices.

By using the security scanning services provided by the S4E platform, you can proactively identify and remediate critical vulnerabilities like Command Injection in your network devices. The platform offers detailed reports and actionable insights, helping you to secure your infrastructure and prevent potential breaches. Join our platform to leverage comprehensive security checks and keep your systems protected from emerging threats.
