CVE Radar

CVE-2024-7120

Critical Severity | Raisecom
SVRS: 87
CVSSv3: 9.8
EPSS: 0.934
Tags: In The Wild, Exploit Available
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Publication date: 2024-07-26
Last modified: 2024-08-01

Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This is a critical OS command injection vulnerability, identified as CVE-2024-7120. It affects the Web Interface component of several Raisecom MSG series devices. This vulnerability allows an attacker to execute arbitrary operating system commands remotely on the affected device. This matters significantly because successful exploitation can lead to complete compromise of the device, enabling attackers to gain full control, disrupt services, or use the device as a pivot point for further attacks within a network.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 9.8, classifying it as a Critical severity level. The vulnerability was published on 2024-07-26 05:00:07, and was last modified on 2024-08-01 21:52:30. The exploit has been disclosed to the public and may be actively used.
3. Which products, vendors, systems, and versions are affected?
  • Vendor: Raisecom
  • Products:
    • MSG1200
    • MSG2100E
    • MSG2200
    • MSG2300
  • Versions: Specifically, version 3.90 is affected.
4. What is the technical root cause and attack vector?
The technical root cause is an OS command injection flaw (CWE-78: Improper Neutralization of Special Elements used in an OS Command). This occurs due to insufficient input validation or sanitization when processing the 'template' argument within the `list_base_config.php` file in the device's Web Interface component.

The attack vector is remote, meaning an attacker can exploit this vulnerability over a network without needing local access to the device.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by manipulating the 'template' argument in the `list_base_config.php` file, which is part of the affected devices' Web Interface. By injecting malicious operating system commands into this argument, an attacker can cause the device to execute arbitrary commands. Since the attack can be initiated remotely, an attacker only needs network access to the device's web interface.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by:
  • Identifying Raisecom MSG1200, MSG2100E, MSG2200, or MSG2300 devices in the network.
  • Verifying if these devices are running version 3.90.
  • Monitoring network traffic and web server logs for suspicious requests to `list_base_config.php` that include unusual characters or command sequences in the 'template' parameter.
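
The log-monitoring step above, as an added detection example (not from the original page or the vendor): it scans web access logs for requests to `list_base_config.php` whose `template` value contains shell metacharacters, including double-encoded ones. The combined log format, the `/example/` directory, the IP addresses and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# File and parameter names come from the advisory text; everything else is assumed.
TARGET_SCRIPT = "list_base_config.php"
TARGET_PARAM = "template"
# Request portion of a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Separators, pipes, redirections and substitutions a shell would interpret.
SHELL_META_RE = re.compile(r'[;&|`<>\r\n]|\$\(|\$\{')


def suspicious_template_values(target):
    """Return decoded 'template' values that contain shell metacharacters."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() != TARGET_SCRIPT:
        return []
    hits = []
    for value in parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM, []):
        decoded = unquote(value)  # second decode pass catches double encoding
        if SHELL_META_RE.search(value) or SHELL_META_RE.search(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Return (client_ip, http_status, value) for every line worth reviewing."""
    findings = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if match is None:
            continue
        for value in suspicious_template_values(match.group("target")):
            findings.append((match.group("ip"), int(match.group("status")), value))
    return findings


# Constructed sample lines: documentation IP ranges and a placeholder directory.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2024:10:00:00 +0000] "GET /example/list_base_config.php?template=default HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Sep/2024:10:01:02 +0000] "GET /example/list_base_config.php?template=a%3Bid HTTP/1.1" 200 87',
    '198.51.100.23 - - [25/Sep/2024:10:02:15 +0000] "GET /example/list_base_config.php?template=%2560id%2560 HTTP/1.1" 200 87',
    '192.0.2.10 - - [25/Sep/2024:10:03:40 +0000] "GET /example/status.php?template=a%3Bid HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a value sent in a request body is not visible to this check, and an HTTP status alone does not show whether a command ran on the device.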
8. What are the indicators of compromise (IOCs)?
Indicators of Compromise (IOCs) for this vulnerability could include:
  • Unauthorized or unexpected outbound network connections from the Raisecom device.
  • Unusual process activity or unexpected commands being executed on the device's operating system.
  • Modifications to system configurations or files that were not initiated by administrators.
  • High CPU or memory utilization without a clear legitimate reason.
  • Presence of unfamiliar files or scripts on the device's file system.
  • Abnormal log entries indicating failed or successful attempts to execute commands through the web interface.
10. What public intelligence references and advisories exist?
Public intelligence references and advisories include:
  • CVE ID: CVE-2024-7120
  • VDB-ID: VDB-272451
  • The exploit details have been publicly disclosed, indicating that information on how to exploit this vulnerability is available to attackers.
11. What is the risk assessment and urgency level?
The risk level for CVE-2024-7120 is Extremely High, with a CVSS score of 9.8 (Critical). The urgency level is Immediate.

This vulnerability allows for remote OS command injection, which means an attacker can gain full control over affected Raisecom devices without requiring prior authentication or local access. The public disclosure of exploit details further elevates the risk, as it lowers the bar for attackers to weaponize and deploy exploits. Organizations using affected Raisecom MSG series devices (MSG1200, MSG2100E, MSG2200, MSG2300 running version 3.90) should prioritize assessing their exposure and implementing any available mitigations or patches without delay to prevent potential system compromise and unauthorized access.

No IOCs found for this CVE

Title | Software Link | Date
jokeir07x/CVE-2024-7120-Exploit-by-Dark-07x | https://github.com/jokeir07x/CVE-2024-7120-Exploit-by-Dark-07x | 2025-04-24
codeb0ss/CVE-2024-7120-PoC | https://github.com/codeb0ss/CVE-2024-7120-PoC | 2024-08-01
ISC StormCast for Wednesday, September 25th, 2024
Dr. Johannes B. Ullrich, 2024-09-25 (sans.edu)
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. RAISECOM Exploit; Cellopoint Vuln; Cisco Smart Licensing Details; Ivanti Traffic Manager Exploited; Linux Vulnerability Controversy; Exploitation of RAISECOM Gateway Devices CVE-2024-7120 https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292 Cellopoint Vulnerability CVE-2024-9043 https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html Cisco Smart Licensing Vulnerability Details https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html Ivanti
Weekly Cybersecurity Report: IoT & IT Vulnerabilities - Cyble
2025-07-14 (google.com)
News Content: Cyble vulnerability intelligence researchers have discovered new vulnerabilities through its expansive global network of honeypot sensors. These sensors emulate vulnerable systems, effectively luring attackers and exposing their tactics in real time. Cyble’s latest sensor intelligence report reveals a sharp spike in exploit attempts, malware campaigns, and brute-force attacks targeting diverse systems worldwide. This week’s intelligence highlights a rise in attacks on the Internet of Things (IoT) devices alongside traditional enterprise infrastructure. Malware variants like Mirai and Gafgyt, infamous for their role in IoT botnets, remain active threats. Cyble’s sensors also
Jason (@JasonSec), 2026-02-03
@darkshadow2bd Image is of CVE-2024-7120, tips are obvious except burp collab which is just preference.
Affected configurations:
Configuration | Type | Vendor | Product
1 | OS | Raisecom | msg2300_firmware
2 | OS | Raisecom | msg2100e_firmware
3 | OS | Raisecom | msg2200_firmware
4 | OS | Raisecom | msg1200_firmware
Reference links:
  • https://netsecfish.notion.site/Command-Injection-Vulnerability-in-RAISECOM-Gateway-Devices-673bc7d2f8db499f9de7182d4706c707?pvs=4
  • https://vuldb.com/?ctiid.272451
  • https://vuldb.com/?id.272451
  • https://vuldb.com/?submit.380167
CWE ID: CWE-78
CWE Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
