15 matches found
OS command injection in raspap-webgui
Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
CVE-2026-24788
CVE-2026-24788 concerns RaspAP raspap-webgui prior to version 3.3.6, which is affected by an OS command injection vulnerability. Multiple connected sources (Red Hat's advisory RH:CVE-2026-24788, NVD/NVD-derived entries, GHSA entry, CIRCL sighting) corroborate that an authenticated user (login to ...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
raspap-webgui 操作系统命令注入漏洞
Raspap-webgui is an open-source wireless router configuration software developed by RaspAP. Versions of raspap-webgui prior to 3.3.6 contained a vulnerability related to operating system command injection. This vulnerability was due to the susceptibility to OS command injection attacks, which cou...
EUVD-2025-19331
Malicious code in bioql PyPI...
EUVD-2025-28371
Malicious code in bioql PyPI...
CVE-2025-50428
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...
CVE-2025-50428
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...
raspap-webgui 安全漏洞
raspap-webgui is a wireless router setup software from RaspAP open source. A security vulnerability exists in raspap-webgui 3.3.2 and earlier versions, which stems from the hostapd.php script not clearing the interface parameter, which could lead to a command injection attack...
Arbitrary Code Injection
Overview billz/raspap-webgui is a Simple wireless AP setup and mangement for Debian-based devices. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DisplayProviderConfig function, which is accessible via the $POST'country' in the HTTP POST request handler. A use...
PT-2024-20680 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui version 3.0.9 Description: A critical issue affects the processing of the file includes/provider.php in the HTTP POST Request Handler component. The manipulation of the country argument leads to code injection. This issue...
CVE-2023-30260
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form...
RaspAP安全漏洞
RaspAP is a software solution that can easily deploy Raspberry Pi as a wireless AP access point with a set of responsive WebUI to control WiFi, as easy to use as a home router. raspap-webgui in RaspAP version 2.6.6 is vulnerable to remote code execution. The vulnerability stems from insecure...