CVE-2024-7120

MEDIUM EXPLOITED NUCLEI

Raisecom MSG1200, MSG2100E, MSG2200, MSG2300 3.90 - OS Command Injection via list_base_config.php template parameter

Title source: llm

Exploitation Summary

CVE-2024-7120 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including gh-ost00 and jokeir07x. A Nuclei detection template is also available.

Description

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file `list_base_config.php` of the component Web Interface. The manipulation of the argument `template` leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.

Exploits (3)

nomisec WRITEUP 8 stars
by gh-ost00 · remote
https://github.com/gh-ost00/CVE-2024-7120

This repository provides a detailed writeup and proof-of-concept for CVE-2024-7120, a command injection vulnerability in RAISECOM Gateway devices. The vulnerability allows remote attackers to execute arbitrary commands via the `template` parameter in the `list_base_config.php` script.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: RAISECOM Gateway devices (MSG1200, MSG2100E, MSG2200, MSG2300) with software version 3.90
No auth needed
Prerequisites: Network access to the vulnerable device · Knowledge of the target device's IP or hostname
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 stars
by jokeir07x · remote
https://github.com/jokeir07x/CVE-2024-7120-Exploit-by-Dark-07x

This is a functional exploit for CVE-2024-7120, a command injection vulnerability in Raisecom Gateway devices. It leverages the `template` parameter in `/vpn/list_base_config.php` to execute arbitrary commands, specifically writing a file to `/www/tmp/info.html`.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Raisecom Gateway devices (MSG1200, MSG2100E, MSG2200, MSG2300)
No auth needed
Prerequisites: Target device must be accessible via HTTP/HTTPS · Target must be a vulnerable Raisecom Gateway device
devstral-2 · analyzed Feb 16, 2026

inthewild WORKING POC
poc
https://github.com/fa-rrel/cve-2024-7120

The repository contains a functional exploit for CVE-2024-7120, a command injection vulnerability in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 devices. The exploit leverages the `template` parameter in `list_base_config.php` to execute arbitrary commands, demonstrated via a crafted HTTP GET request.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Raisecom MSG1200, MSG2100E, MSG2200, MSG2300 (version 3.90)
No auth needed
Prerequisites: Network access to the target device · Web interface exposed
devstral-2 · analyzed Feb 23, 2026

Nuclei Templates (1)

Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection
MEDIUM · VERIFIED · by pussycat0x
FOFA: "<TITLE>Web user login</TITLE>" && "<META content\==MSHTML 6.00.2900.5583\" name\=GENERATOR></HEAD>"

References (4)

Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.272451
Permissions Required, Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.272451
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.380167

Scores

CVSS v3 6.3
EPSS 0.9226
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-09-12
CWE
CWE-78
Status published
Products (4)
raisecom/msg1200_firmware 3.90
raisecom/msg2100e_firmware 3.90
raisecom/msg2200_firmware 3.90
raisecom/msg2300_firmware 3.90
Published Jul 26, 2024
Tracked Since Feb 18, 2026