Filtered by vendor Raspap
Total: 9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-30260 | 1 Raspap | 1 Raspap | 2024-11-21 | N/A | 8.8 HIGH | Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. |
CVE-2022-39987 | 1 Raspap | 1 Raspap | 2024-11-21 | N/A | 8.8 HIGH | A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. |
CVE-2022-39986 | 1 Raspap | 1 Raspap | 2024-11-21 | N/A | 9.8 CRITICAL | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. |
CVE-2021-38557 | 1 Raspap | 1 Raspap | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content. |
CVE-2021-38556 | 1 Raspap | 1 Raspap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. |
CVE-2021-33358 | 1 Raspap | 1 Raspap | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. |
CVE-2021-33357 | 1 Raspap | 1 Raspap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. |
CVE-2021-33356 | 1 Raspap | 1 Raspap | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. |
CVE-2020-24572 | 1 Raspap | 1 Raspap | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). |