目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2024-7120 PoC — Raisecom MSG1200、MSG2100E、MSG2200和MSG2300 操作系统命令注入漏洞

来源
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7120.yaml
关联漏洞
标题:Raisecom MSG1200、MSG2100E、MSG2200和MSG2300 操作系统命令注入漏洞 (CVE-2024-7120)
Description:Raisecom MSG1200等都是中国瑞斯达康(Raisecom)公司的一款千兆融合网关。 Raisecom MSG1200、MSG2100E、MSG2200和MSG2300存在操作系统命令注入漏洞,该漏洞源于对参数template的错误操作会导致操作系统命令注入。
Description
A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.
文件快照

 id: CVE-2024-7120

info:
  name: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Inje

...
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。