Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
raspap raspap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attac...
NA
CVE-2024-28753
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to read the /etc/passwd file via a crafted request.
NA
CVE-2024-28754
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to cause a persistent denial of service (bricking) via a crafted request.
9.8
CVSSv3
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
2 Github repositories
8.8
CVSSv3
CVE-2022-39987
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated malicious user to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
Raspap Raspap
3 Github repositories
8.8
CVSSv3
CVE-2023-30260
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and previous versions allows remote malicious users to run arbitrary commands via crafted POST request to hostapd settings form.
Raspap Raspap
8.8
CVSSv3
CVE-2021-38556
includes/configure_client.php in RaspAP 2.6.6 allows malicious users to execute commands via command injection.
Raspap Raspap 2.6.6
8.8
CVSSv3
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows malicious users to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/h...
Raspap Raspap 2.6.6
8.8
CVSSv3
CVE-2021-33358
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenti...
Raspap Raspap
9.8
CVSSv3
CVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated malicious user to execute arbitra...
Raspap Raspap
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »