CVE-2024-7469

6.3 MEDIUM

📋 TL;DR

This critical vulnerability allows remote attackers to execute arbitrary operating system commands on affected Raisecom gateway devices by manipulating parameters in the web interface. The vulnerability affects Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 devices running version 3.90. Attackers can exploit this without authentication to gain full control of vulnerable devices.

💻 Affected Systems

Products:
  • Raisecom MSG1200
  • Raisecom MSG2100E
  • Raisecom MSG2200
  • Raisecom MSG2300
Versions: 3.90
Operating Systems: Embedded OS on Raisecom devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component specifically in the sslvpn_config_mod function of /vpn/list_vpn_web_custom.php

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, exfiltrate sensitive data, or use devices as botnet nodes.

🟠 Likely Case

Attackers gain shell access to execute commands, potentially modifying configurations, stealing credentials, or disrupting network services.

🟢 If Mitigated

Limited impact if devices are isolated in secure network segments with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit details exist, making internet-facing devices immediate targets.
🏢 Internal Only: MEDIUM - Internal devices remain vulnerable to attackers who gain network access through other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed in GitHub repositories and PDF documentation, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Monitor vendor channels for updates and consider workarounds or replacement.

🔧 Temporary Workarounds

Disable Web Interface (all)

  • Disable the vulnerable web interface component if not required for operations
  • Specific commands unavailable - use device configuration interface to disable web management

Network Segmentation (all)

  • Isolate affected devices in separate VLANs with strict firewall rules

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to affected devices
  • Deploy web application firewall (WAF) rules to block command injection patterns

🔍 How to Verify

Check if Vulnerable:

Check device version via web interface or CLI. If running version 3.90 on affected models, assume vulnerable.

Check Version:

Device-specific CLI command unavailable - check via web interface or device documentation

Verify Fix Applied:

No fix available to verify. Monitor for vendor updates and test in isolated environment before deployment.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /vpn/list_vpn_web_custom.php
  • Commands containing shell metacharacters in web logs
  • Unexpected process execution from web service

Network Indicators:

  • Unusual outbound connections from gateway devices
  • Traffic patterns suggesting command-and-control communication

SIEM Query:

web.url:*list_vpn_web_custom.php* AND (web.param:*template* OR web.param:*stylenum*) AND (web.param:*;* OR web.param:*|* OR web.param:*`* OR web.param:*$(*)
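The SIEM query above, expressed as a small log-scanning script so it can be tested against sample data. This is an added example, not code from this page or from the vendor. It assumes the gateway (or a reverse proxy in front of it) writes combined-format access logs that include the request line with its query string; the log lines below are constructed for the demonstration. Parameters sent only in a POST body do not appear in a standard access log, so for those the same check would need to run on WAF or proxy logs that record the body.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined log format). Only the first field
# (client IP), the request line and the status code are used below.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2024:10:00:01 +0000] "GET /vpn/list_vpn_web_custom.php?template=default&stylenum=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Aug/2024:10:00:02 +0000] "POST /vpn/list_vpn_web_custom.php?template=default%3Btrue&stylenum=1 HTTP/1.1" 200 128 "-" "curl/8.0"
192.0.2.12 - - [01/Aug/2024:10:00:03 +0000] "GET /index.php?page=status HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.13 - - [01/Aug/2024:10:00:04 +0000] "GET /vpn/list_vpn_web_custom.php?stylenum=%60true%60 HTTP/1.1" 200 128 "-" "python-requests/2.31"
192.0.2.14 - - [01/Aug/2024:10:00:05 +0000] "POST /vpn/list_vpn_web_custom.php?template=%24%28true%29 HTTP/1.1" 200 128 "-" "curl/8.0"
192.0.2.15 - - [01/Aug/2024:10:00:06 +0000] "GET /vpn/list_vpn_web_custom.php?template=ok&note=a%7Cb HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The three conditions of the page's SIEM query.
TARGET_PATH = "/vpn/list_vpn_web_custom.php"
WATCHED_PARAMS = ("template", "stylenum")
# Shell metacharacters named in the query: ';', '|', '`' and '$('.
META_RE = re.compile(r"[;|`]|\$\(")


def analyze_line(line):
    """Return an alert dict for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return None
    # parse_qs percent-decodes once; unquote() again so a double-encoded
    # value (e.g. %253B) is still inspected as the character it becomes.
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            decoded = unquote(value)
            if META_RE.search(decoded):
                hits.append((name, decoded))
    if not hits:
        return None
    return {
        "src_ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "hits": hits,
    }


def scan_log(text):
    """Run analyze_line over every line of a log and collect the alerts."""
    alerts = []
    for line in text.splitlines():
        alert = analyze_line(line)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['timestamp']} {a['src_ip']} {a['method']} -> {a['hits']}")
```

Of the six constructed lines, three produce alerts (the `;`, backtick and `$(` cases in the watched parameters); the benign request, the request to another path, and the line whose metacharacter sits in a parameter the query does not watch are all ignored, which mirrors the precision of the SIEM query rather than a blanket metacharacter search.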
