Lucene search

K
Fruitywifi ProjectFruitywifi

5 matches found

CVE
CVE
added 2020/11/05 3:15 p.m.34 views

CVE-2020-24849

A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-173...

8.8CVSS9.3AI score0.04947EPSS
CVE
CVE
added 2018/09/21 6:29 p.m.30 views

CVE-2018-17317

FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /w...

9.8CVSS9.4AI score0.04947EPSS
CVE
CVE
added 2020/10/23 7:15 p.m.27 views

CVE-2020-24847

A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthentica...

4.3CVSS4.7AI score0.00138EPSS
CVE
CVE
added 2020/10/23 7:15 p.m.25 views

CVE-2020-24848

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.

7.8CVSS7.7AI score0.0003EPSS
CVE
CVE
added 2018/11/11 12:29 a.m.24 views

CVE-2018-19168

Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a vali...

10CVSS9.3AI score0.1261EPSS