raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.
References
Link | Resource |
---|---|
https://github.com/RaspAP/raspap-webgui | Product |
https://github.com/RaspAP/raspap-webgui/blob/fabc48c7daae4013b9888f266332e510b196a062/installers/raspap.sudoers | Third Party Advisory |
https://zerosecuritypenetrationtesting.com/?page_id=306 | Exploit Third Party Advisory URL Repurposed |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-24T12:33:01
Updated: 2021-08-24T12:33:01
Reserved: 2021-08-11T00:00:00
Link: CVE-2021-38557
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-24T13:15:14.513
Modified: 2024-02-14T01:17:43.863
Link: CVE-2021-38557
JSON object: View
Redhat Information
No data.
CWE