raspap raspap vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
1 Github repository
9.8
CVSSv3
CVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated malicious user to execute arbitra...
Raspap Raspap
8.8
CVSSv3
CVE-2022-39987
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated malicious user to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
Raspap Raspap
3 Github repositories
8.8
CVSSv3
CVE-2023-30260
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and previous versions allows remote malicious users to run arbitrary commands via crafted POST request to hostapd settings form.
Raspap Raspap
8.8
CVSSv3
CVE-2021-38556
includes/configure_client.php in RaspAP 2.6.6 allows malicious users to execute commands via command injection.
Raspap Raspap 2.6.6
8.8
CVSSv3
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows malicious users to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/h...
Raspap Raspap 2.6.6
8.8
CVSSv3
CVE-2021-33358
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenti...
Raspap Raspap
8.8
CVSSv3
CVE-2021-33356
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote malicious user to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.
Raspap Raspap
8.8
CVSSv3
CVE-2020-24572
An issue exists in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones f...
Raspap Raspap 2.5
2 Github repositories
NA
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attac...