Raspap Security Vulnerabilities

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated....

CVSS: 4.7

AI Score: 7.4

EPSS: 0.0004

2024-03-15 05:15 PM

CVE-2021-38557

raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with....

CVSS: 8.8

AI Score: 8.8

EPSS: 0.003

2021-08-24 01:15 PM

CVE-2021-38556

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command...

CVSS: 8.8

AI Score: 9

EPSS: 0.026

2021-08-24 01:15 PM

CVE-2022-39986

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.881

2023-08-01 02:15 PM

CVE-2022-39987

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in...

CVSS: 8.8

AI Score: 8.9

EPSS: 0.001

2023-08-01 02:15 PM

CVE-2023-30260

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings...

CVSS: 8.8

AI Score: 8.9

EPSS: 0.001

2023-06-23 12:15 PM

CVE-2021-33358

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS...

CVSS: 8.8

AI Score: 8.9

EPSS: 0.066

2021-06-09 06:15 PM

CVE-2021-33356

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root...

CVSS: 8.8

AI Score: 9.1

EPSS: 0.08

2021-06-09 06:15 PM

CVE-2021-33357

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.967

2021-06-09 06:15 PM
In Wild

CVE-2020-24572

An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for...

CVSS: 8.8

AI Score: 8.7

EPSS: 0.007

2020-08-24 08:15 PM