Lucene search
K

194 matches found

Vulnrichment
Vulnrichment
added 2025/06/27 12:0 a.m.4 views

CVE-2025-44163

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...

6.7AI score0.00598EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.5 views

RaspAP 安全漏洞

RaspAP is the RaspAP open source application a simple wireless AP setup and management software for Debian-based devices. A security vulnerability exists in RaspAP version 3.3.1, which originates from a directory traversal and could lead to arbitrary file overwrites...

6.3CVSS6.5AI score0.00598EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.8 views

PT-2025-27229 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui version 3.3.1 Description: The issue allows an authenticated attacker to perform a Directory Traversal attack. This is achieved by sending a crafted POST request to the "ajax/networking/get wgkey.php" endpoint with a path...

8.7CVSS7.4AI score0.00598EPSS
Exploits1References8
CVE
CVE
added 2025/06/27 12:0 a.m.32 views

CVE-2025-44163

CVE-2025-44163 affects RaspAP raspap-webgui 3.3.1. Affected component: ajax/networking/get_wgkey.php. Issue: Directory Traversal via a crafted POST payload in the entity parameter, enabling an authenticated attacker to abuse shell execution (tee) to overwrite arbitrary files writable by the web s...

6.3CVSS7.1AI score0.00598EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/06/27 12:0 a.m.12 views

CVE-2025-44163

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...

0.00598EPSS
Exploits1References2
OSV
OSV
added 2025/06/27 12:0 a.m.3 views

CVE-2025-44163

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...

6.3CVSS6.9AI score0.00598EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:55 a.m.8 views

CVE-2024-28753

RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...

6.5CVSS6.8AI score0.00689EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.6 views

CVE-2024-28754

RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to cause a persistent denial of service bricking via a crafted request...

7.5CVSS6.8AI score0.00856EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.7 views

CVE-2024-36622

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...

9.8CVSS5.9AI score0.02759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:38 a.m.4 views

CVE-2023-30260

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form...

8.8CVSS7.7AI score0.02484EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:36 p.m.5 views

CVE-2022-39987

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/getwgkey.php...

8.8CVSS8.9AI score0.34662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.6 views

CVE-2022-39986

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...

9.8CVSS8.1AI score0.98725EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 p.m.5 views

CVE-2021-38557

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...

9CVSS7.3AI score0.02224EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:5 p.m.4 views

CVE-2021-38556

includes/configureclient.php in RaspAP 2.6.6 allows attackers to execute commands via command injection...

8.8CVSS7.4AI score0.13039EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:32 p.m.17 views

CVE-2020-24572

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured and virtually unrestricted web console to attack the underlying OS Raspberry Pi running this software, and execute commands on the system including ones for uploading o...

9CVSS7.1AI score0.06799EPSS
Exploits3
NVD
NVD
added 2024/11/29 6:15 p.m.31 views

CVE-2024-36622

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...

9.8CVSS0.02759EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.6 views

PT-2024-27099 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui versions 3.0.9 and earlier Description: A command injection issue exists in the clearlog.php script due to improper sanitization of user input passed via the logfile parameter. This allows for potential exploitation...

9.8CVSS6.7AI score0.02759EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/11/29 12:0 a.m.13 views

CVE-2024-36622

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...

7.4AI score0.02759EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/29 12:0 a.m.10 views

RaspAP 安全漏洞

RaspAP is the RaspAP open source application a simple wireless AP setup and management software for Debian-based devices. A security vulnerability exists in RaspAP 3.0.9 and earlier versions, which stems from improper cleaning of user input and a command injection vulnerability...

9.8CVSS7.3AI score0.02759EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/29 12:0 a.m.26 views

CVE-2024-36622

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...

0.02759EPSS
Exploits0References3
Rows per page
Query Builder