1. Home
  2. CVE Database
  3. CVE-2024-7120
MEDIUM · 6.3

CVE-2024-7120

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web...

Vulnerability Description

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
RaisecomMsg2300 Firmware3.90
RaisecomMsg2300-
RaisecomMsg2100E Firmware3.90
RaisecomMsg2100E-
RaisecomMsg2200 Firmware3.90
RaisecomMsg2200-
RaisecomMsg1200 Firmware3.90
RaisecomMsg1200-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2024-7120?

CVE-2024-7120 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web...

How severe is CVE-2024-7120?

CVE-2024-7120 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7120?

Check the references section above for vendor advisories and patch information. Affected products include: Raisecom Msg2300 Firmware, Raisecom Msg2300, Raisecom Msg2100E Firmware, Raisecom Msg2100E, Raisecom Msg2200 Firmware.