CVE-2024-55514

MEDIUM

Raisecom Msg2300 Firmware - Unrestricted File Upload

Title source: rule

Description

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.

References (1)

Core 1

Core References

Third Party Advisory

https://gist.github.com/wscg928/cbe88078751abad2ada2334eb12a5060

Scores

CVSS v3 6.3

EPSS 0.0007

EPSS Percentile 20.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (4)

raisecom/msg1200_firmware 3.90

raisecom/msg2100e_firmware 3.90

raisecom/msg2200_firmware 3.90

raisecom/msg2300_firmware 3.90

Published Dec 17, 2024

Tracked Since Feb 18, 2026