Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7120 PoC — Raisecom MSG1200、MSG2100E、MSG2200和MSG2300 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7120.yaml
Associated Vulnerability
Title:Raisecom MSG1200、MSG2100E、MSG2200和MSG2300 操作系统命令注入漏洞 (CVE-2024-7120)
Description:Raisecom MSG1200等都是中国瑞斯达康(Raisecom)公司的一款千兆融合网关。 Raisecom MSG1200、MSG2100E、MSG2200和MSG2300存在操作系统命令注入漏洞,该漏洞源于对参数template的错误操作会导致操作系统命令注入。
Description
A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.
File Snapshot

 id: CVE-2024-7120

info:
  name: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Inje

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.