Vulmon
raspap raspap vulnerabilities and exploits
802
VMScore
CVE-2020-24572
An issue exists in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones f...
Raspap Raspap 2.5
2 Github repositories
801
VMScore
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows malicious users to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/h...
Raspap Raspap 2.6.6
801
VMScore
CVE-2021-33358
Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenti...
Raspap Raspap
801
VMScore
CVE-2021-33356
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote malicious user to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges.
Raspap Raspap
668
VMScore
CVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated malicious user to execute arbitra...
Raspap Raspap
578
VMScore
CVE-2021-38556
includes/configure_client.php in RaspAP 2.6.6 allows malicious users to execute commands via command injection.
Raspap Raspap 2.6.6
NA
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attac...
NA
CVE-2024-28753
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to read the /etc/passwd file via a crafted request.
NA
CVE-2024-28754
RaspAP (aka raspap-webgui) up to and including 3.0.9 allows remote malicious users to cause a persistent denial of service (bricking) via a crafted request.
NA
CVE-2022-39986
A command injection vulnerability in RaspAP 2.8.0 through 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
2 Github repositories