CVE-2024-55513

Name of the Vulnerable Software and Affected Versions Raisecom MSG1200 version 3.90 Raisecom MSG2100E version 3.90 Raisecom MSG2200 version 3.90 Raisecom MSG2300 version 3.90

Description A vulnerability was found in the specified Raisecom devices. The component affected by this issue is the "/upload netaction.php" endpoint on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.

Recommendations For Raisecom MSG1200 version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. For Raisecom MSG2100E version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. For Raisecom MSG2200 version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. For Raisecom MSG2300 version 3.90, consider disabling the "/upload netaction.php" endpoint until a patch is available. As a temporary workaround, avoid using the form name parameter in the affected "/upload netaction.php" endpoint until the issue is resolved.