194 matches found
CVE-2025-44163
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
RaspAP 安全漏洞
RaspAP is the RaspAP open source application a simple wireless AP setup and management software for Debian-based devices. A security vulnerability exists in RaspAP version 3.3.1, which originates from a directory traversal and could lead to arbitrary file overwrites...
PT-2025-27229 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui version 3.3.1 Description: The issue allows an authenticated attacker to perform a Directory Traversal attack. This is achieved by sending a crafted POST request to the "ajax/networking/get wgkey.php" endpoint with a path...
CVE-2025-44163
CVE-2025-44163 affects RaspAP raspap-webgui 3.3.1. Affected component: ajax/networking/get_wgkey.php. Issue: Directory Traversal via a crafted POST payload in the entity parameter, enabling an authenticated attacker to abuse shell execution (tee) to overwrite arbitrary files writable by the web s...
CVE-2025-44163
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
CVE-2025-44163
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
CVE-2024-28753
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...
CVE-2024-28754
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to cause a persistent denial of service bricking via a crafted request...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
CVE-2023-30260
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form...
CVE-2022-39987
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/getwgkey.php...
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...
CVE-2021-38556
includes/configureclient.php in RaspAP 2.6.6 allows attackers to execute commands via command injection...
CVE-2020-24572
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured and virtually unrestricted web console to attack the underlying OS Raspberry Pi running this software, and execute commands on the system including ones for uploading o...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
PT-2024-27099 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui versions 3.0.9 and earlier Description: A command injection issue exists in the clearlog.php script due to improper sanitization of user input passed via the logfile parameter. This allows for potential exploitation...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...
RaspAP 安全漏洞
RaspAP is the RaspAP open source application a simple wireless AP setup and management software for Debian-based devices. A security vulnerability exists in RaspAP 3.0.9 and earlier versions, which stems from improper cleaning of user input and a command injection vulnerability...
CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...