CVE-2024-7467

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 5, 2024
Updated: Aug 6, 2024
CWE ID 78

Summary

CVE-2024-7467 is a newly disclosed critical vulnerability affecting Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 devices running version 3.90. The flaw is in the sslvpn_config_mod function of the file /vpn/list_ip_network.php in the Web Interface component. An attacker can exploit it by manipulating the template/stylenum argument, which leads to OS command injection. The vulnerability can be exploited remotely, and the exploit has already been made public. The identifier for this vulnerability is VDB-273560. The vendor has not responded to disclosure notifications about this issue.

Affected Products

  • MSG2200
  • MSG1200
  • MSG2300
  • MSG2100E

Affected Vendors

  • Raisecom Technology Co.,Ltd.