CVE-2024-55514

MEDIUM

Raisecom MSG1200 MSG2100E MSG2200 MSG2300 3.90 - Unauthenticated Arbitrary File Upload via /upload_sfmig.php

Title source: llm

Description

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.

References (1)

Core 1

Core References

Third Party Advisory

https://gist.github.com/wscg928/cbe88078751abad2ada2334eb12a5060

Scores

CVSS v3 6.3

EPSS 0.0022

EPSS Percentile 12.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (4)

raisecom/msg1200_firmware 3.90

raisecom/msg2100e_firmware 3.90

raisecom/msg2200_firmware 3.90

raisecom/msg2300_firmware 3.90

Published Dec 17, 2024

Tracked Since Feb 18, 2026