CVE-2021-33358

2021-06-0917:53:28

mitre

www.cve.org

9.1 High

AI Score

Confidence

High

0.123 Low

EPSS

Percentile

95.5%

JSON

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the “interface”, “ssid” and “wpa_passphrase” POST parameters in /hostapd, when the parameter values contain special characters such as “;” or “$()” which enables an authenticated attacker to execute arbitrary OS commands.