37 matches found
RaspAP raspap-webgui contains an OS Command Injection vulnerability
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
OS command injection in raspap-webgui
Overview: RaspAP raspap-webgui contains the following vulnerability. OS command injection (CWE-78) - CVE-2026-24788. Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
CVE-2026-24788
CVE-2026-24788 concerns RaspAP raspap-webgui prior to version 3.3.6, which is affected by an OS command injection vulnerability. Multiple connected sources (Red Hat's advisory RH:CVE-2026-24788, NVD/NVD-derived entries, GHSA entry, CIRCL sighting) corroborate that an authenticated user (login to ...
raspap-webgui operating system command injection vulnerability
raspap-webgui is open-source wireless router configuration software developed by RaspAP. Versions of raspap-webgui prior to 3.3.6 contained a vulnerability related to operating system command injection. This vulnerability was due to the susceptibility to OS command injection attacks, which cou...
EUVD-2025-28371
Malicious code in bioql PyPI...
EUVD-2025-19331
Malicious code in bioql PyPI...
CVE-2025-50428
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...
raspap-webgui security vulnerability
raspap-webgui is open-source wireless router setup software from RaspAP. A security vulnerability exists in raspap-webgui 3.3.2 and earlier versions, which stems from the hostapd.php script not sanitizing the interface parameter, which could lead to a command injection attack...
PT-2025-34904 · Unknown · Raspap Raspap-Webgui
Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui versions prior to 3.3.3 Description: A command injection issue exists in the includes/hostapd.php script due to improper sanitization of user input passed via the interface parameter. Recommendations: Update RaspAP...
Exploit for CVE-2025-50428
Directory Traversal
billz/raspap-webgui is vulnerable to Directory Traversal. The vulnerability is due to improper input validation of the entity parameter in ajax/networking/getwgkey.php, which allows crafted POST requests that leverage the tee command to overwrite arbitrary files writable by the web server...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
CVE-2024-36622
CVE-2024-36622 affects RaspAP raspap-webgui, version 3.0.9 and earlier. The issue is a command injection in the clearlog.php script caused by improper sanitization of the logfile parameter. The vulnerability details across connected sources consistently describe the same root cause and impact (po...
Arbitrary Code Injection
Overview: billz/raspap-webgui is a simple wireless AP setup and management tool for Debian-based devices. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DisplayProviderConfig function, which is accessible via the $_POST['country'] in the HTTP POST request handler. A use...