PT-2024-36538 · Raisecom · Raisecom Msg2100E+3

Wscg928 · Published 2024-12-17 · Updated 2024-12-18 · CVE-2024-55514

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Raisecom MSG1200 version 3.90
Raisecom MSG2100E version 3.90
Raisecom MSG2200 version 3.90
Raisecom MSG2300 version 3.90

Description

A vulnerability was found in the web interface of Raisecom devices, specifically in the /upload sfmig.php component. By crafting a suitable form name, an attacker can upload arbitrary files, potentially leading to unauthorized access to server permissions.

Recommendations

For Raisecom MSG1200 version 3.90, consider disabling the /upload sfmig.php component until a patch is available.
For Raisecom MSG2100E version 3.90, restrict access to the /upload sfmig.php component to minimize the risk of exploitation.
For Raisecom MSG2200 version 3.90, avoid using the vulnerable form name in the /upload sfmig.php component until the issue is resolved.
For Raisecom MSG2300 version 3.90, consider applying configuration changes to limit the upload of arbitrary files in the /upload sfmig.php component.

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2024-55514

Affected Products

Raisecom Msg1200
Raisecom Msg2100E
Raisecom Msg2200
Raisecom Msg2300