21 matches found
CVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands...
CVE-2024-41637
RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password...
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...
EUVD-2021-1979
Malware in sbrugna...
CVE-2025-44163
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
CVE-2025-44163
CVE-2025-44163 affects RaspAP raspap-webgui 3.3.1. Affected component: ajax/networking/get_wgkey.php. Issue: Directory Traversal via a crafted POST payload in the entity parameter, enabling an authenticated attacker to abuse shell execution (tee) to overwrite arbitrary files writable by the web s...
CVE-2024-28753
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...
RaspAP security vulnerability
RaspAP is an open source application for simple wireless AP setup and management on Debian-based devices. A security vulnerability exists in RaspAP 3.0.9 and earlier versions, which stems from improper sanitization of user input and a command injection vulnerability...
PT-2024-27099 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui versions 3.0.9 and earlier Description: A command injection issue exists in the clearlog.php script due to improper sanitization of user input passed via the logfile parameter. This allows for potential exploitation...
RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...
GHSA-VC9F-MGXR-H32R raspap-webgui vulnerable to denial of service
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request...
RaspAP security vulnerability
RaspAP is application software for simple wireless AP setup and management on Debian-based devices. A security vulnerability in RaspAP 3.0.9 and earlier versions allows remote attackers to read the /etc/passwd file via a crafted request...
RaspAP security vulnerability
RaspAP is application software for simple wireless AP setup and management on Debian-based devices. A security vulnerability in RaspAP 3.0.9 and earlier versions allows a remote attacker to cause a persistent denial of service via a crafted request...
PT-2024-22562 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP aka raspap-webgui versions 3.0.9 and earlier Description: The issue allows remote attackers to cause a persistent denial of service, potentially leading to device bricking, via a crafted request. Recommendations: For RaspAP aka...
PT-2024-22561 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP aka raspap-webgui versions 3.0.9 and earlier Description: The issue allows remote attackers to read the /etc/passwd file via a crafted request. Recommendations: For RaspAP aka raspap-webgui versions 3.0.9 and earlier, update to a versi...
VulnCheck KEV: CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...
PT-2023-6140 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP versions 2.8.0 through 2.8.7 Description: A command injection issue allows unauthenticated attackers to execute arbitrary commands via the cfg id parameter in "/ajax/openvpn/activate ovpncfg.php" and "/ajax/openvpn/del ovpncfg.php". Th...