Wscg928

**Name of the Vulnerable Software and Affected Versions** Raisecom MSG1200 version 3.90 Raisecom MSG2100E version 3.90 Raisecom MSG2200 version 3.90 Raisecom MSG2300 version 3.90 **Description** A vulnerability was found in the specified Raisecom devices. The component affected by this issue is the "/upload netaction.php" endpoint on the web interface. By crafting a suitable `form name`, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. **Recommendations** For Raisecom MSG1200 version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. For Raisecom MSG2100E version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. For Raisecom MSG2200 version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. For Raisecom MSG2300 version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. As a temporary workaround, avoid using the `form name` parameter in the affected "/upload netaction.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Raisecom MSG1200 version 3.90 Raisecom MSG2100E version 3.90 Raisecom MSG2200 version 3.90 Raisecom MSG2300 version 3.90 **Description** A vulnerability was found in the web interface of Raisecom devices, specifically in the `/upload sfmig.php` component. By crafting a suitable form name, an attacker can upload arbitrary files, potentially leading to unauthorized access to server permissions. **Recommendations** For Raisecom MSG1200 version 3.90, consider disabling the `/upload sfmig.php` component until a patch is available. For Raisecom MSG2100E version 3.90, restrict access to the `/upload sfmig.php` component to minimize the risk of exploitation. For Raisecom MSG2200 version 3.90, avoid using the vulnerable form name in the `/upload sfmig.php` component until the issue is resolved. For Raisecom MSG2300 version 3.90, consider applying configuration changes to limit the upload of arbitrary files in the `/upload sfmig.php` component.

**Name of the Vulnerable Software and Affected Versions** Raisecom MSG1200 version 3.90 Raisecom MSG2100E version 3.90 Raisecom MSG2200 version 3.90 Raisecom MSG2300 version 3.90 **Description** A problem exists in the web interface of the affected devices, specifically in the /upload ipslib.php component. By crafting a suitable form name, an attacker can upload arbitrary files. **Recommendations** For Raisecom MSG1200 version 3.90, consider disabling access to the /upload ipslib.php endpoint until a patch is available. For Raisecom MSG2100E version 3.90, restrict the ability to upload files through the web interface as a temporary workaround. For Raisecom MSG2200 version 3.90, avoid using the vulnerable component /upload ipslib.php until the issue is resolved. For Raisecom MSG2300 version 3.90, as a temporary measure, limit access to the web interface to minimize the risk of exploitation.