PT-2024-36539 · Raisecom · Raisecom Msg2100E+3

Wscg928 · Published 2024-12-17 · Updated 2024-12-18 · CVE-2024-55515

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Raisecom MSG1200 version 3.90
Raisecom MSG2100E version 3.90
Raisecom MSG2200 version 3.90
Raisecom MSG2300 version 3.90

Description

A problem exists in the web interface of the affected devices, specifically in the /upload ipslib.php component. By crafting a suitable form name, an attacker can upload arbitrary files.

Recommendations

For Raisecom MSG1200 version 3.90, consider disabling access to the /upload ipslib.php endpoint until a patch is available.
For Raisecom MSG2100E version 3.90, restrict the ability to upload files through the web interface as a temporary workaround.
For Raisecom MSG2200 version 3.90, avoid using the vulnerable component /upload ipslib.php until the issue is resolved.
For Raisecom MSG2300 version 3.90, as a temporary measure, limit access to the web interface to minimize the risk of exploitation.

Fix

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2024-55515

Affected Products

Raisecom Msg1200
Raisecom Msg2100E
Raisecom Msg2200
Raisecom Msg2300