Filtered by vendor Raspap
Subscriptions
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38556 | 1 Raspap | 1 Raspap | 2024-02-14 | 8.8 High |
| includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. | ||||
| CVE-2021-38557 | 1 Raspap | 1 Raspap | 2024-02-14 | 8.8 High |
| raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content. | ||||
| CVE-2022-39987 | 1 Raspap | 1 Raspap | 2023-11-07 | 8.8 High |
| A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. | ||||
| CVE-2022-39986 | 1 Raspap | 1 Raspap | 2023-11-07 | 9.8 Critical |
| A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. | ||||
| CVE-2023-30260 | 1 Raspap | 1 Raspap | 2023-07-03 | 8.8 High |
| Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. | ||||
| CVE-2021-33356 | 1 Raspap | 1 Raspap | 2021-06-21 | 8.8 High |
| Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. | ||||
| CVE-2021-33357 | 1 Raspap | 1 Raspap | 2021-06-21 | 9.8 Critical |
| A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2021-33358 | 1 Raspap | 1 Raspap | 2021-06-21 | 8.8 High |
| Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2020-24572 | 1 Raspap | 1 Raspap | 2020-09-01 | 8.8 High |
| An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). | ||||
Page 1 of 1.