Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Raspap Subscribe
Filtered by product Raspap
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38556 1 Raspap 1 Raspap 2021-09-02 6.5 MEDIUM 8.8 HIGH
includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.
CVE-2021-38557 1 Raspap 1 Raspap 2021-09-02 9.0 HIGH 8.8 HIGH
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.
CVE-2021-33356 1 Raspap 1 Raspap 2021-06-21 9.0 HIGH 8.8 HIGH
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.
CVE-2021-33357 1 Raspap 1 Raspap 2021-06-21 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
CVE-2021-33358 1 Raspap 1 Raspap 2021-06-21 9.0 HIGH 8.8 HIGH
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.
CVE-2020-24572 1 Raspap 1 Raspap 2020-09-01 9.0 HIGH 8.8 HIGH
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code).