Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
raspap raspap vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows malicious users to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/h...
Raspap Raspap 2.6.6
9
CVSSv2
CVE-2021-33358
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenti...
Raspap Raspap
9
CVSSv2
CVE-2021-33356
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote malicious user to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.
Raspap Raspap
9
CVSSv2
CVE-2020-24572
An issue exists in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones f...
Raspap Raspap 2.5
2 Github repositories
7.5
CVSSv2
CVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated malicious user to execute arbitra...
Raspap Raspap
6.5
CVSSv2
CVE-2021-38556
includes/configure_client.php in RaspAP 2.6.6 allows malicious users to execute commands via command injection.
Raspap Raspap 2.6.6
NA
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attac...
NA
CVE-2024-28753
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to read the /etc/passwd file via a crafted request.
NA
CVE-2024-28754
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to cause a persistent denial of service (bricking) via a crafted request.
NA
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »