3 matches found
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...
CVE-2021-38557
Affected software: raspap-webgui (RaspAP) 2.6.6. Root cause: insecure sudoers permissions permit the www-data user to run /etc/raspap/hostapd/enablelog.sh as root without a password and to overwrite that script with arbitrary executable content. Impact: potential remote code execution as root. Ex...