Raisecom Gateway vpn_template_style.php - Remote Command Execution

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 12 days 8 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The /vpn/vpn_template_style.php endpoint in Raisecom Multi-Service Intelligent Gateway is vulnerable to unauthenticated remote command execution. The stylenum parameter fails to properly sanitize user input, allowing attackers to inject system commands using backtick (`) or pipe (|) characters.
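
For defenders reviewing gateway or reverse-proxy access logs, the following added example (not part of the original page or of any vendor tooling) flags requests to this endpoint whose stylenum value contains a backtick or pipe, including percent-encoded and double-encoded forms. The combined log format and the sample lines are assumptions constructed for illustration; values sent in a request body do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/vpn/vpn_template_style.php"  # path named on the page
PARAM = "stylenum"                        # parameter named on the page
METACHARS = ("`", "|")                    # characters named on the page

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded characters (%2560) are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_stylenum(log_line):
    """Return the decoded stylenum value if the line is a request to the
    endpoint and the value carries a backtick or pipe; otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    if not fully_decode(parts.path).lower().endswith(ENDPOINT):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl already decoded one layer
        if name.lower() == PARAM and any(c in value for c in METACHARS):
            return value
    return None

def scan(lines):
    """Return (client address, decoded stylenum) for every flagged line."""
    return [(line.split()[0], hit) for line in lines
            if (hit := suspicious_stylenum(line)) is not None]

# Constructed sample lines: documentation IP ranges, CMD is a placeholder.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:00:00:01 +0000] "GET /vpn/vpn_template_style.php?stylenum=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:00:00:02 +0000] "GET /vpn/vpn_template_style.php?stylenum=1%7CCMD HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2025:00:00:03 +0000] "GET /vpn/vpn_template_style.php?stylenum=%2560CMD%2560 HTTP/1.1" 200 0',
    '203.0.113.5 - - [01/Jan/2025:00:00:04 +0000] "GET /index.php?q=a%7Cb HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE):
        print(f"{client} sent stylenum={value!r}")
```

Because the endpoint is reachable without authentication, any hit from an untrusted source address warrants review of the device itself, not only the log entry.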

