Описание
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:raisecom:msg2300_firmware:3.90:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:msg2300:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:raisecom:msg2100e_firmware:3.90:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:msg2100e:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:raisecom:msg2200_firmware:3.90:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:msg2200:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:raisecom:msg1200_firmware:3.90:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:msg1200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00162
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.1
github
около 1 года назад
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions.
EPSS
Процентиль: 37%
0.00162
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-22