CVE-2021-33358
RaspAP versions 2.3–2.6.5 contain command-injection vulnerabilities in the /hostapd endpoint via the interface, ssid, and wpa_passphrase POST parameters. Values containing special characters such as ; or $() may allow an authenticated attacker to execute arbitrary OS commands. Affects RaspAP’s we...