CVE-2024-7467

6.3 MEDIUM

📋 TL;DR

This CVE describes a critical OS command injection vulnerability in Raisecom gateway devices' web interface. Attackers can execute arbitrary commands remotely by manipulating the template/stylenum parameter in the sslvpn_config_mod function. Organizations using affected Raisecom MSG series devices with vulnerable firmware are at risk.

💻 Affected Systems

Products:
  • Raisecom MSG1200
  • Raisecom MSG2100E
  • Raisecom MSG2200
  • Raisecom MSG2300
Versions: 3.90
Operating Systems: Embedded OS on Raisecom devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component, specifically the file /vpn/list_ip_network.php. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise allowing attackers to execute arbitrary commands with system privileges, potentially leading to complete network takeover, data exfiltration, or use as a pivot point for lateral movement.

🟠 Likely Case

Remote code execution leading to device configuration changes, credential theft, installation of backdoors, or disruption of network services.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed in a GitHub repository. The vulnerability requires no authentication and has simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading to newer firmware versions if available or implementing workarounds.

🔧 Temporary Workarounds

  • Network Access Control (all): Restrict access to the web interface using firewall rules to only trusted IP addresses.
  • Disable Web Interface (all): If the web interface is not required for operations, disable it completely.

🧯 If You Can't Patch

  • Segment affected devices into isolated network zones to limit lateral movement
  • Implement strict outbound filtering to prevent command and control communication

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or CLI. If running version 3.90 on affected models, assume vulnerable.

Check Version:

Check via device web interface or use device-specific CLI commands (varies by model)

Verify Fix Applied:

No official fix available. Verify workarounds by testing web interface accessibility and reviewing firewall rules.

📡 Detection & Monitoring

Log Indicators:

  • Unusual web interface access patterns
  • Unexpected command execution in system logs
  • Multiple failed or unusual parameter values in web requests

Network Indicators:

  • Unusual outbound connections from gateway devices
  • Traffic to unexpected ports or IP addresses

SIEM Query:

source="raisecom_gateway" AND (url_path="/vpn/list_ip_network.php" OR cmd_execution="*" OR suspicious_parameter="template/stylenum")
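
The same check can be run offline over web access logs. The following is an added example, not code from the advisory or the vendor: it flags requests to the affected page and raises severity when the template or stylenum value contains shell metacharacters. It assumes requests are available in common/combined log format (for example from a reverse proxy in front of the gateway) and that the parameters appear in the query string; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint and parameter names come from the advisory text above.
VULN_PATH = "/vpn/list_ip_network.php"
WATCHED_PARAMS = {"template", "stylenum"}

# Characters that let a value break out of a shell command line.
# A benign style/template identifier should not need any of them.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")

# Assumed log layout: client address first, request field as "METHOD URI PROTO".
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"')


def inspect_line(line):
    """Return a finding dict for a request to the affected page, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if parts.path != VULN_PATH:
        return None
    # parse_qsl percent-decodes, so encoded metacharacters (%3B, %7C) are caught.
    hits = sorted(
        name for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if name in WATCHED_PARAMS and SHELL_META.search(value)
    )
    return {
        "src": m.group("src"),
        "severity": "high" if hits else "review",
        "params": hits,
    }


def scan(lines):
    """Inspect every log line and keep only requests that touch the affected page."""
    return [f for f in map(inspect_line, lines) if f is not None]


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Aug/2024:10:00:05 +0000] "GET /vpn/list_ip_network.php?template=default&stylenum=2 HTTP/1.1" 200 900',
    '203.0.113.7 - - [01/Aug/2024:10:02:11 +0000] "GET /vpn/list_ip_network.php?template=a&stylenum=1%3Becho%20test HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Requests that carry the parameters in a POST body do not appear in access logs and need request-body logging or packet capture to be inspected the same way.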
