Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
raspap raspap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attac...
NA
CVE-2024-28753
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to read the /etc/passwd file via a crafted request.
NA
CVE-2024-28754
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to cause a persistent denial of service (bricking) via a crafted request.
NA
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
1 Github repository
NA
CVE-2022-39987
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated malicious user to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
Raspap Raspap
3 Github repositories
NA
CVE-2023-30260
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and previous versions allows remote malicious users to run arbitrary commands via crafted POST request to hostapd settings form.
Raspap Raspap
6.5
CVSSv2
CVE-2021-38556
includes/configure_client.php in RaspAP 2.6.6 allows malicious users to execute commands via command injection.
Raspap Raspap 2.6.6
9
CVSSv2
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows malicious users to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/h...
Raspap Raspap 2.6.6
9
CVSSv2
CVE-2021-33356
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote malicious user to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.
Raspap Raspap
7.5
CVSSv2
CVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated malicious user to execute arbitra...
Raspap Raspap
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »