CVE-2024-55516

Name of the Vulnerable Software and Affected Versions Raisecom MSG1200 version 3.90 Raisecom MSG2100E version 3.90 Raisecom MSG2200 version 3.90 Raisecom MSG2300 version 3.90

Description A vulnerability was found in the Raisecom MSG series routers, affecting the /upload sysconfig.php component on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.

Recommendations For Raisecom MSG1200 version 3.90, consider disabling the /upload sysconfig.php endpoint until a patch is available. For Raisecom MSG2100E version 3.90, restrict access to the /upload sysconfig.php endpoint to minimize the risk of exploitation. For Raisecom MSG2200 version 3.90, avoid using the vulnerable form name in the /upload sysconfig.php endpoint until the issue is resolved. For Raisecom MSG2300 version 3.90, as a temporary workaround, consider restricting file uploads through the /upload sysconfig.php endpoint until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.