5 matches found
RaspAP Unauthenticated Command Injection
RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...
RaspAP 2.8.7 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RaspAP Unauthenticated Command Injection', 'Description' = %q RaspAP is feature-rich wireless router software that just works on many popular...
RaspAP 2.8.7 Unauthenticated Command Injection Exploit
RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...
CVE-2022-39986
creationtimestamp| type| source ---|---|--- 2023-08-01 18:38:44+00:00| seen| https://t.me/cibsecurity/67513 2023-08-15 03:51:23+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/raspaprce.rb 2023-08-27 17:49:56+00:00| published-proof-of-concept|...
CVE-2022-39986
RaspAP 2.8.0–2.8.7 is affected by an unauthenticated command-injection vulnerability. An attacker can inject commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php, potentially leading to remote code execution. Public exploitation tooling exists ...